So we all know that pretty much from the start, Android has been a more 'open to developers' platform than iOS. This has always been a downside for Android, as it makes the operating system more vulnerable to various kinds of attacks to which iOS is simply immune. Today we are going to talk about one of the latest Trojans ready to eat Android inside and out. Its name is the BlackRock Trojan.
WHAT IS THIS BLACKROCK?
So what actually is this new Trojan? Well, it is based on an older malware named Xerxes, which in turn is based on another malware named LokiBot. Sounds confusing, right? Well, these things kind of are confusing. The only important thing you should know is that this Trojan attacks various apps on your Android device, such as Amazon, Facebook, Gmail and Tinder.
WHAT CAN IT DO?
So what actually can this BlackRock do? Well, it has a wide range of apps that it can attack. It can attack both banking and non-banking apps. It can steal your usernames, passwords and other credentials from over 226 apps. Some popular names are Amazon, Cash App, eBay, Gmail, Google Play, Hotmail, Instagram, Microsoft Outlook, myAT&T, Netflix, PayPal, Uber and Yahoo Mail. The list also includes many cryptocurrency apps.
It does not end here. The Trojan also steals credit card numbers from over 111 apps including Facebook, Facebook Messenger, Google Hangouts, Grindr, Instagram, Kik, Periscope, Pinterest, PlayStation, Reddit, Skype, Snapchat, Telegram, TikTok, Tinder, Tumblr, Twitter, Viber, VK, WhatsApp, WeChat and YouTube.
HOW DOES THIS MALWARE WORK?
So how does it work? Like most other malware out there, it asks the user to grant various permissions so that it can access their data. What is more frightening is that once it has been granted the permissions, it hides itself from the App Drawer and the Home Screen of the device. This is very serious, because the user won't even know that there is an unknown app installed on his or her device, which gives the malware a free pass to exploit the user's data.
It then asks the user to grant the permission for "Accessibility Service privileges". Why does it want that permission? See, the matter is that if you grant an app the permission for "Accessibility Service privileges", you pretty much give the app the permission to give itself any permission in the future, without your knowledge. This makes the malware much more dangerous, as it now has permission to do almost everything, including granting itself any permission at any time without your knowledge.
Once this is done, it starts receiving commands from the C2 (command-and-control) server and starts performing the attacks on your device.
HOW CAN YOU PREVENT THE INFECTION?
The prevention is actually pretty simple. For the malware to do all the things it does, it first needs to be installed on your device like any normal app. So, do not download apps from anywhere other than the Play Store. Do not update apps from anywhere other than the Play Store. And stay away from pirated software and games.
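A device check that follows from the two points above (the Accessibility Service grant and installing from outside the Play Store), added here as an example that is not part of the original blog: it lists third-party apps that hold an enabled accessibility service but were not installed by the Play Store. The package names are constructed, and the input formats are assumed to match what recent Android versions print for the two adb commands named in the code.

```python
"""Flag sideloaded apps that hold an enabled accessibility service.

Collect the two inputs from a device you own with:
  adb shell settings get secure enabled_accessibility_services
  adb shell pm list packages -3 -i
"""

TRUSTED_INSTALLERS = {"com.android.vending"}  # Google Play Store


def accessibility_packages(setting_value):
    """Return package names from the colon-separated 'pkg/service' list."""
    value = setting_value.strip()
    if not value or value == "null":  # nothing enabled
        return set()
    return {comp.split("/", 1)[0] for comp in value.split(":") if comp}


def installers(pm_output):
    """Map package -> installer from 'package:<pkg>  installer=<name>' lines."""
    result = {}
    for line in pm_output.splitlines():
        fields = line.split()
        if not fields or not fields[0].startswith("package:"):
            continue
        pkg = fields[0][len("package:"):]
        installer = None
        for field in fields[1:]:
            if field.startswith("installer="):
                installer = field[len("installer="):]
        # 'null' means no installer of record, typical for a sideloaded APK
        result[pkg] = None if installer in (None, "null") else installer
    return result


def suspicious(setting_value, pm_output):
    """Third-party packages with accessibility enabled and an untrusted installer."""
    source = installers(pm_output)
    return sorted(pkg for pkg in accessibility_packages(setting_value)
                  if pkg in source and source[pkg] not in TRUSTED_INSTALLERS)


# Constructed sample data (hypothetical package names, not real indicators).
SAMPLE_SETTING = "com.example.reader/.ReadAloud:com.example.updater/com.example.updater.Svc"
SAMPLE_PM = """package:com.example.reader  installer=com.android.vending
package:com.example.updater  installer=null
package:com.example.game  installer=null
"""

if __name__ == "__main__":
    for pkg in suspicious(SAMPLE_SETTING, SAMPLE_PM):
        print("review:", pkg)
```

Any package this reports is worth reviewing under Settings > Accessibility, since an app hidden from the App Drawer will still appear in both command outputs.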
We hope that you liked the blog. It is essential to stay informed about malware, as nowadays we depend too much on technology. Please share the blog if you consider it informative.
Thank you.