Android malware BlackRock may steal banking data, CERT-In issues advisory

The malware can extract credentials and credit card information from over 300 apps.

New Delhi: The country's cyber security agency has issued an alert against the Android malware 'BlackRock', which has the potential to "steal" banking and other confidential data of a user.

The malware can extract credentials and credit card information from over 300 apps such as email, e-commerce apps, social media apps, besides banking and financial apps, the CERT-In said in an advisory.

The "attack campaign" of this 'Trojan' category virus is active globally, said the Computer Emergency Response Team of India (CERT-In), the national technology arm to combat cyberattacks and guard Indian cyber space.

First spotted in May, the BlackRock Android malware was initially reported by ThreatFabric earlier this month.

“Around May 2020 ThreatFabric analysts have uncovered a new strain of banking malware dubbed BlackRock that looked pretty familiar. After investigation, it became clear that this newcomer is derived from the code of the Xerxes banking malware, which itself is a strain of the LokiBot Android banking Trojan. The source code of the Xerxes malware was made public by its author around May 2019, which means that it is accessible to any threat actor,” ThreatFabric analysts said in their research.

The research says that the target list of the BlackRock malware contains a significant number of social, networking, communication and dating applications.

“So far, many of those applications haven't been observed in target lists for other existing banking Trojans. It therefore seems that the actors behind BlackRock are trying to abuse the growth in online socializing that increased rapidly in the last months due to the pandemic situation,” the research paper said.

BlackRock's target list has 337 unique applications, several of which haven't been observed to be targeted by banking malware before. Most targeted apps are related to banks operating in Europe, followed by Australia, the United States of America and Canada, ThreatFabric said.

“Those new targets are mostly not related to financial institutions and are overlaid in order to steal credit card details,” it says, adding that most of the non-financial apps are social, communication, lifestyle and dating apps.

The researchers fear that the number of new banking Trojans will keep growing, leading to banking fraud and posing risks even for consumers who are not using mobile banking. The research cites Trojans like BlackRock that target third-party apps.

"The second half of 2020 will come with its surprises, after Alien, Eventbot and BlackRock we can expect that financially motivated threat actors will build new banking Trojans and continue improving the existing ones," the research says.