    Watch Out - New Android Malware Attacking Dating Apps

    Android Malware Attacking Dating Apps

    Security researchers have discovered new Android malware that has so far targeted over 300 apps, with a primary focus on dating and social media apps. Although it isn’t one of the most complex malware families out there, it was still able to target an extensive list of popular applications.

    The BlackRock banking trojan, uncovered by researchers from ThreatFabric, is designed to scam unsuspecting users into revealing financial and personal information. Read on to learn more about this malware, its impact, and how you can protect yourself against it.

    How It Works

    According to researchers, the malware has a fairly small feature set, but it still enables its operators to execute overlay attacks, steal messages, lock out the user, and deflect Android antivirus apps. BlackRock is a successor to the notorious LokiBot Trojan, which was popular in 2017 and has been reworked several times since then.

    While most banking trojans are designed to target banking applications exclusively, BlackRock is known to target a number of other popular apps as well, including TikTok, Tinder, Twitter, Instagram, Facebook, Netflix, Grindr, and many more.

    According to ThreatFabric, BlackRock has a distinctive trait: it can grant itself unlimited access rights by manipulating the Android features that companies use to define the device policy controller (DPC). Here is how the BlackRock malware works:

    • BlackRock malware targets Android devices only 
    • Once you install it on the Android phone, it starts monitoring the targeted apps 
    • When the user enters sensitive information such as credit card details, passwords, and more, the malware sends it to the attacker's server
    • The malware also uses the smartphone's accessibility feature along with the Android device policy controller to gain complete access to other app permissions

    When the malware is launched for the first time on the smartphone, it hides its icon from the app drawer, which makes it difficult for antivirus apps to detect.

    The BlackRock Banking Trojan

    The BlackRock Banking Trojan came into existence in May 2020 and was discovered by ThreatFabric analysts. The Trojan is derived from the Xerxes Bank malware code, which is part of the LokiBot Android Banking Trojan. When the source code of the BlackRock Banking Trojan is leaked, the threat landscape starts to fill with other new malware variants built on that code.

    While the LokiBot Android Banking Trojan is considered to be inactive, several attempts over the past year have shown it re-emerging in different forms. BlackRock campaigns differ from such malware in that they also target a list of non-financial apps.

    Here's how the BlackRock Banking Trojan malware attacks your Android phone and financial apps. 

    • When the malware is launched on a device, it hides its icon so that it is invisible in the app drawer
    • The malware then asks the user for Accessibility Services privileges, disguising the request as a fake update
    • Once the user grants the requested Accessibility Services privileges, the malware grants itself additional permissions
    • These additional permissions are needed for the bot to function fully without the victim’s knowledge
    • When this is done, the bot is functional and ready to receive commands from the C2 server and to perform various attacks continuously
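
    The chain above leaves a recognisable footprint: a third-party package that holds an accessibility service, has no launcher icon, and did not come from Google Play. The following triage sketch is an added example, not code from ThreatFabric or from the original article. It assumes the inputs are the text returned by `adb shell settings get secure enabled_accessibility_services` and `adb shell pm list packages -3 -i`, plus a set of packages that have a launcher icon collected separately; the function names and sample package names are hypothetical.

```python
import re

PLAY_STORE = "com.android.vending"  # Google Play's installer package name

def accessibility_packages(setting_value):
    """Packages named in the colon-separated ComponentName list."""
    value = setting_value.strip()
    if not value or value == "null":  # setting unset: nothing enabled
        return set()
    return {comp.split("/", 1)[0] for comp in value.split(":") if comp}

def installers(pm_output):
    """Map package -> installer from `pm list packages -3 -i` lines."""
    found = {}
    for line in pm_output.splitlines():
        m = re.match(r"package:(\S+)\s+installer=(\S+)", line.strip())
        if m:
            found[m.group(1)] = m.group(2)
    return found

def triage(setting_value, pm_output, launcher_packages):
    """Return {package: [reasons]} for third-party packages that hold an
    accessibility service and show traits the article describes."""
    inst = installers(pm_output)
    findings = {}
    for pkg in sorted(accessibility_packages(setting_value)):
        if pkg not in inst:  # preinstalled/system package: out of scope
            continue
        reasons = []
        if pkg not in launcher_packages:
            reasons.append("no launcher icon")
        if inst[pkg] != PLAY_STORE:
            reasons.append("not installed from Google Play")
        if reasons:
            findings[pkg] = reasons
    return findings

# Constructed sample data (hypothetical package names, not from a real device).
SAMPLE_SETTING = ("com.example.screenreader/.ReaderService:"
                  "com.example.fakeupdate/com.example.fakeupdate.UpdateService")
SAMPLE_PM = """package:com.example.screenreader  installer=com.android.vending
package:com.example.fakeupdate  installer=null
package:com.example.notes  installer=com.android.vending"""
SAMPLE_LAUNCHER = {"com.example.screenreader", "com.example.notes"}

if __name__ == "__main__":
    for pkg, why in triage(SAMPLE_SETTING, SAMPLE_PM, SAMPLE_LAUNCHER).items():
        print(f"{pkg}: {', '.join(why)}")
```

    Legitimate accessibility tools installed outside Google Play will also appear in the result, so a finding is a prompt to inspect the package, not a verdict.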

    The BlackRock Trojan works with various commands like Flood_SMS, Run_App, Spam-on_Contacts, and more to infect the device.

    Bottom Line

    Unlike its predecessors, the BlackRock malware is able to attack a lot of Android apps. Hence, Android users are advised to download only authentic applications approved by the Google Play Store. Users should stop downloading cracked apps and APK and XAPK files from third-party websites and unverified sources.

    For complete protection from this malware, users must change passwords at regular intervals and use passwords that are complex. It is equally important to not click on links received through random emails and messages. Additionally, using an antivirus with behavioral and heuristic analysis features can also help prevent the threat.