‘BlackRock’ Android Malware Can Steal Credit Card Details, Warns CERT-In

Jul. 31, 2020

India’s top cyber-security agency, CERT-In, has issued an advisory about the ‘BlackRock’ Android malware. According to researchers, the Trojan can expose banking credentials and other critical data to cyber-criminals. It can extract login credentials and credit card information from a wide range of banking apps. Themalwarecan also steal private data from email apps, e-commerce apps and social media apps, CERT-In warned.

“It is reported that a new Android malware strain dubbed ‘BlackRock’ equipped with data-stealing capabilities, is attacking a wide range of Android application. (sic) It can steal credentials and credit card information from over 300 plus apps like email clients, e-commerce apps, virtual currency, messaging or social media apps, entertainment apps, banking and financial apps etc”, the agency said. To mitigate the threat, CERT-In is advising not to install apps from unknown sources.

Meanwhile, BlackRock targets 337 Android apps, which is significantly higher than any known malicious code. According to the researchers, when the malware is launched on the victim’s device, it hides its icon from app drawer. It then disguises itself as a Google update to request accessibility service privilege. Once this privilege is granted, it create additional permissions for itself. Those additional permissions allow it to steal data without any further interaction with the user.

Passionate techie. Professional tech writer. Proud geek.