"A new Android malware strain has emerged in the criminal underworld that comes equipped with a wide range of data theft capabilities allowing it to target a whopping 337 Android applications."
"The trojan will steal both login credentials (username and passwords), where available, but also prompt the victim to enter payment card details if the apps support financial transactions."
"...the data collection takes place via a technique called "overlays," which consists of detecting when a user tries to interact with a legitimate app and showing a fake window on top that collects the victim's login details and card data before allowing the user to enter the intended legitimate app."
"...vast majority of BlackRock overlays are geared towards phishing financial and social media/communications apps."
"Once installed on a device, a malicious app tainted with the BlackRock trojan asks the user to grant it access to the phone's Accessibility feature."
"The Android Accessibility feature is one of the operating system's most powerful features, as it can be used to automate tasks and even perform taps on the user's behalf."
"BlackRock uses the Accessibility feature to grant itself access to other Android permissions and then uses an Android DPC (device policy controller, aka a work profile) to give itself admin access to the device."
"..the [BlackRock] trojan can also perform other intrusive operations, such as:
- Intercept SMS messages
- Perform SMS floods
- Spam contacts with predefined SMS
- Start specific apps
- Log key taps (keylogger functionality)
- Show custom push notifications
- Sabotage mobile antivirus apps, and more"
Best Practice:
1. DO NOT download Android apps from ANY SOURCE other than Google's Play store.
2. Update your Android-based mobile device REGULARLY. Apply security patches and updates when they become available.
3. DO NOT click on links or download attachments from sources you were not expecting.
4. Audit your phone. REMOVE any outdated app OR any app you haven't used in the last 120 days.