Just when you thought your phone was safe, a new threat has emerged to steal banking passwords from it. This threat is called BlackRock, and it is a banking Trojan. It is probably one of the most dangerous threats to arrive on our phones in years.
The new variant was discovered by analysts at ThreatFabric, and its lineage goes back a long way. Based on an analysis of the code, it is a derivative of the Xerxes banking malware, which traces its roots back to the LokiBot Trojan.
LokiBot was first discovered as rented malware. Its authors were booted from underground forums and then leaked its source code. MysteryBot was derived from that source code but contained some upgrades so it could work properly on Android devices. Parasite appeared in 2018 as a direct successor of MysteryBot. PayPal automated scripts were added. The Xerxes threat was born from Parasite, and after some attempts to offer it in underground forums, the code was made publicly available. In May 2020, BlackRock was spotted, and we could see the successful evolution of this threat.
BlackRock also targets cryptocurrency wallet apps, including Coinbase and BitPay. It disguises itself as a Google update that requests access to Accessibility Services, which is a powerful feature. It then grants itself additional privileges unbeknownst to the user. After that, it can attack Microsoft Outlook, Gmail, Uber, Amazon, Netflix, and Google Pay.
This Trojan works through a technique called “overlays”: it detects when a user attempts to use a legitimate app and shows a fake window asking for login information and credit card information before allowing the user to access the app. The full list of apps can be found in the BlackRock report.
This is a deadly threat which can perform other intrusive operations such as:
• Intercept SMS messages
• Perform SMS floods
• Spam contacts with predefined SMS
• Start specific apps
• Log key taps (keylogger functionality)
• Show custom push notifications
• Sabotage mobile antivirus apps, and more
Currently, BlackRock is disguised as fake Google update packages offered on third-party sites, and the Trojan hasn’t yet been spotted on the official Play Store.
However, Android malware gangs have usually found ways to bypass Google’s app review process in the past, and at one point or another, we’ll most likely see BlackRock deployed in the Play Store.
So how do I protect myself from this vicious threat?
I recommend getting Malwarebytes for protection. It is worth every penny. It will block attempts by this Trojan and keep you safe. If you get it on your phone, call Perry’s Computer Repair at 443-783-2269 for speedy removal.
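Because the Trojan described above poses as a Google update from a third-party site and depends on an enabled Accessibility service, one practical check is to list every app that holds such a service and was not installed by the Play Store. The following is an added example, not code from ThreatFabric or the original article; the package names in the sample data are constructed, and treating only `com.android.vending` as a trusted installer is an assumption.

```python
# Inputs are text output from real Android commands run over adb:
#   settings get secure enabled_accessibility_services
#   pm list packages -i      (package plus installer)
#   pm list packages -s      (preinstalled system packages)
# Assumption: only the Play Store counts as a trusted installer.
TRUSTED_INSTALLERS = {"com.android.vending"}

def parse_enabled_services(raw):
    """Map package -> service classes from the colon-separated setting."""
    services = {}
    raw = raw.strip()
    if not raw or raw == "null":
        return services
    for component in raw.split(":"):
        pkg, _, cls = component.partition("/")
        if pkg:
            services.setdefault(pkg, []).append(cls)
    return services

def parse_packages(raw):
    """Map package -> installer (None if absent) from `pm list packages` lines."""
    packages = {}
    for line in raw.splitlines():
        line = line.strip()
        if line.startswith("package:"):
            name, _, inst = line[len("package:"):].partition("installer=")
            inst = inst.strip()
            packages[name.strip()] = None if inst in ("", "null") else inst
    return packages

def flag_sideloaded_accessibility(services_raw, installers_raw, system_raw=""):
    """Return (package, installer, classes) for non-system apps that hold an
    enabled Accessibility service and were not installed by a trusted store."""
    installers = parse_packages(installers_raw)
    system = set(parse_packages(system_raw))
    findings = []
    for pkg, classes in sorted(parse_enabled_services(services_raw).items()):
        inst = installers.get(pkg)
        if pkg not in system and inst not in TRUSTED_INSTALLERS:
            findings.append((pkg, inst, classes))
    return findings

# Constructed sample output (not from a real device or from the BlackRock report).
SAMPLE_SERVICES = ("com.google.android.marvin.talkback/.TalkBackService:"
                   "com.example.fakeupdate/com.example.fakeupdate.UpdateService")
SAMPLE_INSTALLERS = """package:com.google.android.marvin.talkback  installer=com.android.vending
package:com.example.fakeupdate  installer=null
package:com.example.notes  installer=com.android.vending"""
SAMPLE_SYSTEM = "package:com.android.settings"
```

Preinstalled apps also report no installer, which is why the system package list is passed in and excluded; a flagged entry is a lead to review, not proof of infection.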