Saturday, August 8, 2020

Black Rock Malware - Everything You Need To Know

With rapid digitization, digital threats are spreading. During the pandemic, working on digital platforms has been considered the best option, but it has also brought new risks to sensitive data. If this data becomes exposed, it can cause harm. Recently, Black Rock malware has penetrated the digital world, and information about it is crucial for staying aware of the threat.

About Black Rock Malware:

Black Rock malware is not entirely new: it is derived from the leaked source code of a malware named Xerxes, which is in turn derived from the malware named LokiBot. It especially targets banking apps. Once an app is targeted, the malware extracts vital information such as passwords and customer IDs. These banking details can be used to transfer money or make unauthorized transactions. The malware was first reported by the digital security firm ThreatFabric.


Working of Black Rock Malware:

If the user installs the Black Rock app, it monitors other apps. Monitoring is possible because the app runs in the background. If the user enters login details, the malware sends them to a server, which stores the information for later use against the user. BlackRock uses the phone's accessibility feature and then uses an Android DPC (device policy controller) to obtain other permissions. This accessibility access allows the app to run in the background and capture details when the user tries to log in to any app, especially a banking app.

The app hides itself: its icon becomes invisible once the user launches it. It then asks for accessibility privileges. If they are granted, Black Rock grants itself additional permissions. This allows it to operate without any further interaction with the user (the victim). The bot can then receive commands and execute instructions.
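A defender's check for the accessibility abuse described above, as an added example that is not part of the original post: it parses the output of two `adb` commands and lists apps that hold an enabled accessibility service but were not installed from Google Play. The sample output and package names are constructed, and treating only Google Play as a trusted installer is an assumption.

```python
# Added example: audit which apps hold an enabled accessibility service.
# Inputs are the text output of two adb commands (samples below are constructed):
#   adb shell settings get secure enabled_accessibility_services
#   adb shell pm list packages -i
TRUSTED_INSTALLERS = {"com.android.vending"}  # assumption: only Google Play is trusted

def parse_accessibility(raw):
    """Return the package names that own an enabled accessibility service."""
    raw = raw.strip()
    if raw in ("", "null"):
        return []
    # The setting is a colon-separated list of components: package/class
    return sorted({c.split("/", 1)[0] for c in raw.split(":") if c})

def parse_installers(raw):
    """Map package name -> installer from 'pm list packages -i' output."""
    installers = {}
    for line in raw.splitlines():
        line = line.strip()
        if not line.startswith("package:"):
            continue
        fields = line[len("package:"):].split()
        if not fields:
            continue
        inst = next((f.split("=", 1)[1] for f in fields[1:]
                     if f.startswith("installer=")), "null")
        installers[fields[0]] = inst
    return installers

def flag_sideloaded_accessibility(acc_raw, pm_raw, allowlist=frozenset()):
    """List (package, installer) pairs that deserve a manual review."""
    installers = parse_installers(pm_raw)
    flagged = []
    for pkg in parse_accessibility(acc_raw):
        inst = installers.get(pkg, "unknown")
        if pkg not in allowlist and inst not in TRUSTED_INSTALLERS:
            flagged.append((pkg, inst))
    return flagged

# Constructed sample data; com.example.* package names are hypothetical.
SAMPLE_ACC = ("com.google.android.marvin.talkback/.TalkBackService:"
              "com.example.updater/com.example.updater.SyncService")
SAMPLE_PM = """package:com.google.android.marvin.talkback  installer=com.android.vending
package:com.example.updater  installer=null
package:com.example.bank  installer=com.android.vending"""

if __name__ == "__main__":
    for pkg, inst in flag_sideloaded_accessibility(SAMPLE_ACC, SAMPLE_PM):
        print(f"review: {pkg} has an accessibility service, installer={inst}")
```

Preinstalled system apps also report `installer=null`, so pass known-good packages in `allowlist` when running this against real device output.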


Black Rock Malware - How it attacks:

Black Rock malware attacks by stealing the user's crucial data, so it is a data-theft app. It extracts data from 300+ apps, including Gmail, Netflix, Amazon, Google Pay, PayPal, eBay, and other banking apps. The report by ThreatFabric states that the malware steals login credentials, including usernames and passwords, and prompts users to enter credit card details. The data is collected through a technique called overlays: the malware places a fake window in the foreground that imitates an app the user has on his or her phone. When the user interacts with this fake window generated by the malware, it stores the data entered. ThreatFabric researchers say BlackRock's overlays are geared towards phishing users of financial, social media, communications, dating, news, shopping, lifestyle, and productivity apps.


Other ways by which Black Rock conducts intrusive operations:

  • Intercepts SMS

  • Performs SMS flooding

  • Starts a specific app

  • Shows custom notifications

  • Hampers mobile antivirus apps

  • Records what is typed on the keyboard

  • Spams contacts

The malware is deadly as it can "deflect" the majority of antivirus applications. It also makes use of Android work profiles to control the compromised device without requiring complete admin rights, instead creating and attributing its own managed profile to gain admin privileges.


Cons of installing Black Rock malware:

  1. It tries to uninstall the antivirus apps on your phone, which leaves the device vulnerable.

  2. Loss of credentials, which can harm the user.

  3. Unauthorized transactions on your credit card, causing you heavy losses.

  4. It can get into your social media apps and post illegal content or send messages to your friends.

The hacker may also ask for a hefty ransom in exchange for not misusing or exposing your data.


Preventive Steps to be safe from Black Rock Malware:


  1. Do not download and install apps from untrusted sources.
  2. Review the app details before downloading and installing.
  3. Check the user reviews and additional information.
  4. Use device encryption and encrypt the SD card.

Apps That Are Vulnerable?

According to reports, Black Rock malware is not restricted to banking apps; it also steals credit card information from other apps such as dating, communication, reading, entertainment, and music apps. Apps like Facebook Messenger, Instagram, PlayStation, TikTok, Twitter, WhatsApp, and YouTube are some of the targeted apps.

It has also been observed that the malware can steal other credentials, such as usernames and passwords, from apps like PayPal, Amazon, eBay, Gmail, Google Pay, Uber, and Netflix, among others.




