Nordic IT Security
Banking Data Prowling!

According to the Computer Emergency Response Team (India), credentials and credit card information can be extracted from more than 300 apps, such as email, e-commerce and social media apps, besides banking and financial apps.

Author Saif Ahmed Bhuiyan | NITS DiGi, July 31, 2020

CERT-In mentioned that credentials can be extracted from over 300 apps such as email, e-commerce and social media apps, besides banking and financial apps. Hence India’s cyber security agency has issued an alert against an Android malware, dubbed ‘BlackRock’, that has the potential to “steal” banking and other confidential data of a user.

The Computer Emergency Response Team of India (CERT-In) mentioned that the “attack campaign” of this ‘Trojan’ category virus is active worldwide. CERT-In is the national technology arm that combats cyberattacks and guards Indian cyberspace.

A new Android malware strain dubbed ‘BlackRock’ is equipped with data-stealing capabilities and is attacking a wide range of Android applications, say experts.

According to the advisory, “The malware is developed using the source code of Xerxes banking malware which itself is a variant of LokiBot Android Trojan.”

The attacks target Android devices, focusing on social, communication, networking and dating platforms. The malware’s target list has 337 applications, including banking and financial applications as well as non-financial, well-known and commonly used brand-name apps.

The advisory explains the activity of the virus:

“When the malware is launched on the victim’s device, it hides its icon from the app drawer and then masquerades itself as a fake Google update to request accessibility service privileges.”

The advisory also mentions that once this privilege is granted, the malware becomes free to grant itself additional permissions, allowing it to function further without needing to interact with the victim.

Furthermore, the advisory mentioned that “Threat operators can issue a number of commands for various operations such as logging keystrokes, spamming the victims’ contact lists with text messages, setting the malware as the default SMS manager, pushing system notifications to the C2 (command and control) server, locking the victim in the device home screen and steal and hide notifications, send spam and steal SMS messages and many more such activities.”

Anti-virus applications are struggling to deflect the virus, as it is deadly.

According to experts, it can be fatal because it does not require complete admin rights; instead, it creates and attributes its own managed profile to gain admin privileges. This is the other feature of this Android Trojan: it makes use of “Android work profiles” to control the compromised device.
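A defender-side check for the two behaviours described above (an app holding accessibility service privileges, and a managed "work" profile on the device), as an added example that is not part of the CERT-In advisory or the original article. The package names, the allow-list and the sample command output are constructed for illustration; a work profile is normal on an enterprise-managed phone, so the result is a list to review, not a verdict.

```python
import re

# Constructed sample output (not from a real device) of:
#   adb shell settings get secure enabled_accessibility_services
SAMPLE_A11Y = (
    "com.google.android.marvin.talkback/"
    "com.google.android.marvin.talkback.TalkBackService:"
    "com.example.fakeupdate/com.example.fakeupdate.UpdateService\n"
)
#   adb shell pm list packages -3   (user-installed packages only)
SAMPLE_PACKAGES = "package:com.example.fakeupdate\npackage:com.example.notes\n"
#   adb shell pm list users
SAMPLE_USERS = (
    "Users:\n"
    "\tUserInfo{0:Owner:c13} running\n"
    "\tUserInfo{10:Work profile:1030} running\n"
)

# Assumption: accessibility services the device owner knowingly enabled.
ALLOWED = {"com.google.android.marvin.talkback"}
FLAG_MANAGED_PROFILE = 0x20  # UserInfo flag bit set on managed (work) profiles


def third_party_a11y(enabled_setting, package_listing, allowed=ALLOWED):
    """Return user-installed packages that own an enabled accessibility service."""
    third_party = {
        line.split(":", 1)[1].strip()
        for line in package_listing.splitlines()
        if line.startswith("package:")
    }
    value = enabled_setting.strip()
    if value in ("", "null"):  # the setting reads "null" when nothing is enabled
        return []
    # The setting is a colon-separated list of "package/ServiceClass" components.
    owners = {c.split("/", 1)[0] for c in value.split(":") if "/" in c}
    return sorted((owners & third_party) - set(allowed))


def managed_profiles(users_listing):
    """Return (user_id, name) for each user whose hex flags mark a managed profile."""
    rows = re.findall(r"UserInfo\{(\d+):(.*?):([0-9a-fA-F]+)\}", users_listing)
    return [(int(uid), name) for uid, name, flags in rows
            if int(flags, 16) & FLAG_MANAGED_PROFILE]


if __name__ == "__main__":
    print("Review accessibility services:", third_party_a11y(SAMPLE_A11Y, SAMPLE_PACKAGES))
    print("Review managed profiles:", managed_profiles(SAMPLE_USERS))
```

To audit a real device, feed the functions the output of the three `adb shell` commands named in the comments instead of the samples.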

Tips from the federal cyber security agency:

  • Do not download and install applications from untrusted sources and use reputed application market only;
  • Always review the app details, number of downloads, user reviews and check ‘additional information’ section before downloading an app from Play Store;
  • Use device encryption or encrypt external SD card;
  • Avoid using unsecured, unknown Wi-Fi networks, among others.
