Banking Data Prowling!

According to the Computer Emergency Response Team of India (CERT-In), credentials and credit card information can be extracted from more than 300 apps, including email, e-commerce, and social media apps as well as banking and financial apps.

India’s cyber security agency has therefore issued an alert against Android malware, dubbed ‘BlackRock’, that has the potential to “steal” banking and other confidential data of a user.

CERT-In, the national technology arm to combat cyberattacks and guard Indian cyberspace, mentioned that the “attack campaign” of this ‘Trojan’ category virus is active worldwide.

A new Android malware strain dubbed ‘BlackRock’ is equipped with data-stealing capabilities and it is attacking a wide range of Android applications, say experts.

According to the advisory, “The malware is developed using the source code of Xerxes banking malware which itself is a variant of LokiBot Android Trojan.”

It attacks Android apps that focus on social, communication, networking, and dating platforms. The malware’s target list has 337 applications, including banking and financial applications as well as well-known, commonly used non-financial brand-name apps.

The advisory explains how the malware behaves:

“When the malware is launched on the victim’s device, it hides its icon from the app drawer and then masquerades itself as a fake Google update to request accessibility service privileges.”

The advisory also mentions that once this privilege is granted, the malware no longer needs to interact with the user: it becomes free to grant itself additional permissions, allowing it to function further.

Furthermore, the advisory mentioned that “Threat operators can issue a number of commands for various operations such as logging keystrokes, spamming the victims’ contact lists with text messages, setting the malware as the default SMS manager, pushing system notifications to the C2 (command and control) server, locking the victim in the device home screen and steal and hide notifications, send spam and steal SMS messages and many more such activities.”

Anti-virus applications are struggling to deflect it, as the virus is deadly.

According to experts, it can be fatal because it does not require complete admin rights; instead, it creates and attributes its own managed profile to gain admin privileges. This is the other feature of this Android Trojan: it makes use of “Android work profiles” to control the compromised device.

Tips from the federal cyber security agency:

  • Do not download and install applications from untrusted sources; use only a reputed application market;
  • Always review the app details, number of downloads, and user reviews, and check the ‘additional information’ section before downloading an app from the Play Store;
  • Use device encryption or encrypt an external SD card;
  • Avoid using unsecured, unknown Wi-Fi networks, among others.
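
The behaviours the advisory describes (accessibility service privileges, becoming the default SMS manager) and the tip about untrusted sources can be combined into a quick device triage. The following is an added example, not part of the advisory or of the original article: it parses the output of three standard adb commands and flags third-party packages that hold those privileges but were not installed by Google Play. The sample outputs and package names are constructed, and treating only `com.android.vending` as a trusted installer is an assumption.

```python
# Added example. Sample data is constructed, not from a real device. It mimics:
#   adb shell pm list packages -3 -i
#   adb shell settings get secure enabled_accessibility_services
#   adb shell settings get secure sms_default_application
SAMPLE_PACKAGES = """\
package:com.example.notes  installer=com.android.vending
package:com.example.reader  installer=com.android.vending
package:com.example.gupdate  installer=null
package:com.example.game  installer=null
"""
SAMPLE_A11Y = "com.example.reader/.ReadAloud:com.example.gupdate/.UpdateSvc"
SAMPLE_SMS = "com.example.gupdate"
TRUSTED_INSTALLERS = {"com.android.vending"}  # assumption: Google Play only

def parse_packages(text):
    """Map package name -> installer (None when absent or 'null')."""
    installers = {}
    for line in text.splitlines():
        fields = line.strip().split()
        if not fields or not fields[0].startswith("package:"):
            continue
        installer = None
        for field in fields[1:]:
            if field.startswith("installer=") and field != "installer=null":
                installer = field.split("=", 1)[1]
        installers[fields[0][len("package:"):]] = installer
    return installers

def parse_accessibility(text):
    """Packages owning an enabled accessibility service ('null' = none)."""
    text = text.strip()
    if not text or text == "null":
        return set()
    return {comp.split("/", 1)[0] for comp in text.split(":") if comp}

def triage(pkg_text, a11y_text, sms_text):
    """Flag privileged third-party apps that did not come from a trusted store."""
    a11y, sms, findings = parse_accessibility(a11y_text), sms_text.strip(), {}
    for pkg, installer in parse_packages(pkg_text).items():
        reasons = []
        if pkg in a11y:
            reasons.append("accessibility service enabled")
        if pkg == sms:
            reasons.append("default SMS app")
        if reasons and installer not in TRUSTED_INSTALLERS:
            findings[pkg] = reasons + [f"installer={installer or 'unknown'}"]
    return findings

print(triage(SAMPLE_PACKAGES, SAMPLE_A11Y, SAMPLE_SMS))
```

A flagged package is a lead for manual review, not proof of infection: legitimate sideloaded accessibility tools will also appear.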

Saif Ahmed Bhuiyan
