Other Play Store apps ThreatFabric highlighted include Tinder, Reddit, WhatsApp, Skype, Grindr, Gmail, Pinterest and the official Google Play apps for Movies, Music and Books content. Security experts at the Netherlands-based firm first discovered the malware in May. The malware is not entirely new, with most of the malicious code derived from the Xerxes banking malware, which is a variant of LokiBot.
In a blog post about the threat, ThreatFabric said the source code for Xerxes was made public last year, which usually causes a domino effect in the release of other malware variants. BlackRock, one of these variants, acts on the one hand as a banking trojan that attacks financial as well as cryptocurrency apps.
It has been known to target apps of banks that operate in Europe, as well as in Australia, the US and Canada. The malware utilises a number of features that allow it to remain under the radar and successfully harvest personal information from an Android device. It is capable of stealing SMS messages, trawling through the files stored on your Android phone, as well as acting as a keylogger to capture sensitive information – like passwords, email data, and sensitive banking login credentials.
But what separates BlackRock from other banking trojans is the huge number of non-financial Android apps it attacks. ThreatFabric said: “Interestingly, of the 337 unique applications in BlackRock’s target lists, many applications haven’t been observed to be targeted by banking malware before. Those ‘new’ targets are mostly not related to financial institutions and are overlaid in order to steal credit card details.
“Most of the non-financial apps are Social, Communication, Lifestyle and Dating apps. Most of the trending social and dating apps are included; the actors’ choice might have been driven by the pandemic situation, pushing people to socialise more online.
“It also seems that actors have made a particular effort on including dating apps, which wasn’t something common in target lists so far.”