BlackRock malware is yet another threat that Android users have to worry about. This newly-discovered malware can attack a variety of different apps, stealing your information in the process.
Before you download another app, make sure you know what BlackRock malware is, and how you can protect yourself.
What Is BlackRock Android Malware?
In May 2020, security company, ThreatFabric, discovered a digital danger that affects Android devices: BlackRock malware.
However, analysts quickly discovered that BlackRock malware actually isn't a new threat. BlackRock malware stems from the leaked Xeres malware source code, which is a type of LokiBot banking Trojan.
Despite being based on a banking Trojan, BlackRock malware doesn't just affect banking apps. It also targets shopping, lifestyle, social, entertainment, and even dating apps. This widespread coverage makes it especially dangerous.
In fact, it has 337 apps on its target list, some of which you might use on a daily basis. Its target apps aren't limited to one country either---it tackles apps across Europe, North America, and Australia.
ThreatFabric displays the entire target list in its report. Some apps on its list include Gmail, Netflix, Snapchat, eBay, Twitter, TikTok, Facebook Messenger, PayPal, and more.
So far, BlackRock malware hasn't been found on the Google Play Store. It currently attacks apps downloaded from third-party sites, but this doesn't mean that BlackRock malware will never appear on the Google Play Store. Aggressive hackers can still find ways to bypass Google's security protocols.
How BlackRock Malware Steals Your Information
When BlackRock malware appears on your device, an unknowing user might never realize it. It uses a tactic known as an "overlay," which is a phony window that pops up over a legitimate app. The overlay blends in with the app, so it's difficult to tell whether the pop-up is part of the app or not.
The window will prompt you to enter your login information and credit card number before you can even start using the legitimate app. This allows it to get hold of your information right off the bat.
It infiltrates your device in the first place by getting Accessibility Services permissions. When you install an infected app, it'll prompt you to enable a fake Google Update. Accepting the "Google Update" allows it to intervene with your device.
If you aren't familiar with an Android's Accessibility feature, you should know that it's one of the most powerful functions on your device. It's meant to help Android owners with disabilities, but Accessibility Services can be used to hack your phone as well. This feature can automate a variety of tasks for the user, including tapping the screen, reading text aloud, and even creating captions.
Giving BlackRock permission to use Accessibility Services allows it to create the overlay you'll see when opening the target app. It also gives the malware additional abilities, as it will then proceed to use an Android DPC (device policy controller) to grant itself administrator privileges.
In other words, it doesn't just steal the sensitive information you type into its overlay---it can actually do much more than that. Not only can BlackRock intercept SMS messages, hide notifications, and lock your screen, but it can also engage in keylogging. That said, you definitely don't want this malware on your device.
How to Protect Yourself From BlackRock Malware
As mentioned earlier, BlackRock hasn't yet been found on the Google Play Store. But just because it's currently attacking apps from third-party app stores, that doesn't mean that it'll never find its way to Google Play.
ThreatFabric states that it "can't yet predict how long BlackRock will be active on the threat landscape." In the meantime, it's important to keep some precautions in mind before downloading apps.
Why an Anti-Virus App Won't Cut It
It's not a bad idea to have an antivirus app on your smartphone, but unfortunately, an antivirus app won't stop the BlackRock malware. When BlackRock infiltrates your phone, it has a feature that blocks you from using an antivirus app.
As soon as you open an antivirus or an Android cleaner app, such as Avast, Kaspersky, McAfee, BitDefender, or Superb Cleaner, BlackRock will immediately redirect you to your Home screen. This prevents you from removing the malware using an antivirus app.
So, if you download a sketchy app from a third-party store, and think that an antivirus app will keep you safe from all threats, think again.
Check App Permissions
You should keep an eye on app permissions no matter how legit an app may seem. Some apps ask for permissions that have nothing to do with the core function of the app.
For example, a flashlight app obviously doesn't need access to your SMS messages. This is a sign that you should uninstall the app immediately.
Since BlackRock malware asks for Accessibility Services permissions, you'll want to look out for any apps that require that specific privilege. If an app is legitimately for disabled users, has good reviews, and is from the Google Play Store, you can likely trust granting the Accessibility Services permission. Otherwise, avoid giving that privilege to any apps that don't need it.
Only Download Apps From the Google Play Store
Google Play Protect was put in place to scan your installed apps for malware as soon as you download them, as well as scan them periodically once installed. Third-party app stores don't have this safety feature, so you're pretty much on your own in terms of security.
The lack of security protocols on third-party stores has allowed BlackRock malware to thrive. To lower your risk of encountering BlackRock malware, try to avoid third-party apps stores, and refrain from downloading APKs.
Keeping Your Android Device Safe
Hopefully, BlackRock malware will never hit the Google Play Store. There's really no telling if the actors behind BlackRock malware can find a loophole in Google's security policies, but if they succeed, BlackRock malware could accrue a substantial number of victims.
If BlackRock ever does get onto the Google Play Store, it wouldn't be too surprising. After all, several apps containing Joker malware still managed to make their way on the Google Play Store despite Google's strict security protocols.