The new BlackRock malware for Android can steal passwords and card data from 337 apps

A new strain of Android malware has emerged in the criminal underworld, with a wide range of data theft features that allow it to target 337 Android apps.

Called BlackRock, this new threat emerged in May this year and was discovered by the mobile security company ThreatFabric.

Researchers say the malware was based on the source code of another malware strain (Xerxes, itself based on other malware strains), but that it has been enhanced with more features, especially in the part that deals with the theft of user passwords and credit card information.

BlackRock still functions like most Android banking Trojans, except that it targets more apps than most of its predecessors.

The Trojan will steal login details (username and passwords), where available, but will also prompt the victim to enter payment card details if the apps support financial transactions.

According to ThreatFabric, data collection uses a technique called “overlays,” which consists of detecting when a user tries to interact with a legitimate application and displaying a fake window on top that collects the victim’s login details and card data before allowing the user to access the legitimate app.

In a report shared with ZDNet this week prior to publication, ThreatFabric researchers say that the vast majority of BlackRock overlays are aimed at financial and social media/communication apps. However, there are also overlays for phishing data from dating, news, shopping, lifestyle and productivity apps. The full list of targeted apps is included in the BlackRock report.

In how it shows the overlays, BlackRock is not that unique; under the hood, it works like most Android malware and uses old, tried and tested techniques.

Once installed on a device, a malicious application infected with the BlackRock Trojan prompts the user to grant it access to the phone’s Accessibility feature.

The Android Accessibility feature is one of the most powerful features of the operating system, as it can be used to automate tasks and even perform taps on behalf of the user.

BlackRock uses the Accessibility feature to grant itself other Android permissions, then uses an Android DPC (device policy controller, also known as a work profile) to grant itself administrator access to the device.

It then uses this access to show the malicious overlays, although ThreatFabric indicates that the Trojan may also perform other intrusive operations, such as:

Currently, BlackRock is distributed disguised as fake Google update packages offered on third-party sites, and the Trojan has not yet been detected in the official Play Store.

However, Android malware gangs have found ways to circumvent Google’s app review process in the past, and at some point we’ll probably see BlackRock deployed in the Play Store.
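As an added example (not part of the original article or of ThreatFabric's report), the chain described above can be checked when triaging a decoded AndroidManifest.xml: a service guarded by the Accessibility binding permission, a device-admin receiver, and installation from outside the Play Store under a Google-update style label. The function name, finding strings and sample manifest are constructed for illustration, and the installer value is assumed to come from the device's package manager.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
ACCESSIBILITY = "android.permission.BIND_ACCESSIBILITY_SERVICE"
DEVICE_ADMIN = "android.permission.BIND_DEVICE_ADMIN"
PLAY_INSTALLER = "com.android.vending"  # installer package name of the Play Store


def triage(manifest_xml, installer):
    """Return risk findings for one decoded manifest (hypothetical helper)."""
    root = ET.fromstring(manifest_xml)
    app = root.find("application")
    if app is None:
        return []

    def guarded_by(tag, permission):
        # Components that only the system may bind to with this permission.
        return [c.get(ANDROID_NS + "name", "?") for c in app.findall(tag)
                if c.get(ANDROID_NS + "permission") == permission]

    findings = []
    acc = guarded_by("service", ACCESSIBILITY)
    adm = guarded_by("receiver", DEVICE_ADMIN)
    if acc:
        findings.append("accessibility-service:" + ",".join(acc))
    if adm:
        findings.append("device-admin:" + ",".join(adm))
    if acc and adm:
        findings.append("accessibility+device-admin")
    # Assumption: the label is a literal; real manifests often use @string/ refs.
    label = (app.get(ANDROID_NS + "label") or "").lower()
    pkg = root.get("package", "")
    if installer != PLAY_INSTALLER:
        findings.append("sideloaded")
        if "google" in label and "update" in label and not pkg.startswith("com.google."):
            findings.append("google-update-lookalike")
    return findings


# Constructed sample manifest (not taken from a real sample).
SAMPLE = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.updater">
  <application android:label="Google Update">
    <service android:name=".Svc" android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE"/>
    <receiver android:name=".Adm" android:permission="android.permission.BIND_DEVICE_ADMIN"/>
  </application>
</manifest>"""

if __name__ == "__main__":
    print("\n".join(triage(SAMPLE, installer=None)))
```

Each finding alone is common in legitimate apps; it is the combination on a sideloaded package that warrants a closer look.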
