Researchers have discovered a new strain of Android malware that targets more than 300 different applications.
Uncovered by security firm ThreatFabric, the BlackRock banking Trojan is designed to hoodwink victims into revealing personal and financial data.
According to researchers, the malware has a relatively limited set of capabilities, but still allows its operators to perform overlay attacks, steal SMS messages, lock the victim on the home screen and interfere with Android antivirus software.
While most banking Trojans take aim at banking services exclusively, BlackRock targets a range of other popular apps, including Tinder, TikTok, Facebook, Instagram, Twitter, Grindr, Netflix and many more.
Analysis suggests the new Android malware is a variant of (or successor to) the infamous LokiBot Trojan, which was highly active back in 2017 and has been iterated on a number of times since then.
The BlackRock banking Trojan might not be the world’s most complex Android malware – in fact, it contains fewer features than its predecessor (LokiBot derivative Xerxes) – but it does manage to establish a measure of persistence.
According to ThreatFabric, the Android malware redirects the victim to the home screen whenever a popular antivirus app is launched, including those from household names such as Avast, AVG, Kaspersky, McAfee and more.
BlackRock also exhibits a unique trait that allows the malware to give itself unlimited access privileges, by manipulating an Android feature that companies use to define a device policy controller (DPC).
The malware’s most curious quality, however, is its large and wide-ranging list of targets, which appears to hint at the strategy adopted by its creators.
Many of the 337 distinct target applications have never before been the focus of an Android banking Trojan, and the high volume of social and dating applications on the hit list points to a concerted effort to capitalize on the pandemic, which has forced people to embrace digital forms of communication.
“Although BlackRock poses a new Trojan with an exhaustive target list, looking at previous unsuccessful attempts of actors to revive LokiBot through new variants, we can’t yet predict how long BlackRock will be active on the threat landscape,” noted ThreatFabric in a blog post.
“The number of new banking Trojans will continue to grow, bringing new functionalities to increase the success rate of fraud while fraud becomes a growing risk even for consumers not using mobile banking.”
Android users are advised to protect all online accounts with multi-factor authentication (MFA) and to download content only from trusted sources.