Back to Blog

New Android Malware Now Steals Passwords For Non-Banking Apps Too

July 24, 2020

By: mirabiliscorp

Cybersecurity researchers today uncovered a new strain of banking malware that targets not only banking apps but also steals data and credentials from social networking, dating, and cryptocurrency apps—a total of 337 non-financial Android applications on its target list.

Dubbed “BlackRock” by ThreatFabric researchers, which discovered the trojan in May, its source code is derived from a leaked version of Xerxes banking malware, which itself is a strain of the LokiBot Android banking trojan that was first observed during 2016-2017.

Chief among its features are stealing user credentials, intercepting SMS messages, hijacking notifications, and even recording keystrokes from the targeted apps, in addition to being capable of hiding from antivirus software.

“Not only did the [BlackRock] Trojan undergo changes in its code, but also comes with an increased target list and has been ongoing for a longer period,” ThreatFabric said.

“It contains an important number of social, networking, communication and dating applications [that] haven’t been observed in target lists for other existing banking Trojans.”

BlackRock does the data collection by abusing Android’s Accessibility Service privileges, for which it seeks users’ permissions under the guise of fake Google updates when it’s launched for the first time on the device, as shown in the shared screenshots.

Subsequently, it goes on to grant itself additional permissions and establish a connection with a remote command-and-control (C2) server to carry out its malicious activities by injecting overlays atop the login and payment screens of the targeted apps.

These credential-stealing overlays have been found on banking apps operating in Europe, Australia, the US, and Canada, as well as shopping, communication, and business apps.

Source: The Hacker News

Contact us

Safety is essential to your decision making. We are sure that our team can clarify any doubts. After all, we understand security.

Follow us


Contact Us
First Name*
Last Name*
Mobile Number*
Tell us what do you need* ?
Products: Hold CTRL+Click to add more than 1.* ?
I agree to the Privacy Policy and Terms of Service.