A security research team at ThreatFabric recently discovered new Android malware that can target a long list of apps that require user credentials to log in, including social, communication, and dating apps. The malware is called Black Rock. It is a banking Trojan, derived from the code of the existing Xerxes malware, which is a known strain of the LokiBot Android trojan.
However, despite being derived from a banking Trojan, the malicious code seems to have more interest in non-financial apps than in banking apps. It pretends to be a simple Google update and asks for permission to update the apps. After getting into the system, it hides its icon from the app gallery and works for the bad actors while staying in the background.
The team found this malicious code in May, but they kept working to study it. According to the analyst team, the code can do far more than steal users' login information. It can also save and forward credit card information. Although it may sound like regular malware, it has so far acquired the ability to attack 337 apps, which is significantly more than any already known malicious code. "Those 'new' targets are mostly not related to financial institutions and are overlayed to steal credit card details," the team at ThreatFabric said in a blog post.
The malware is designed so that it can perform overlay attacks and send, spam, and steal SMS messages. It can also lock the victim app in the launcher activity. By acting as a keylogger, it can record every key being hit, which could help the hacker gather all the information they need. Furthermore, the team found that, due to its unique nature, it can deflect the use of antivirus software such as Avast, AVG, BitDefender, Eset, Trend Micro, Kaspersky, or McAfee.