NEW DELHI :
India’s cyber security agency has issued an alert against an Android malware, dubbed ‘BlackRock’, that has the potential to “steal” banking and other confidential data of an user.
The Computer Emergency Response Team of India (CERT-In) in an advisory said the Android malware can extract credentials and credit card information from over 300 apps such as email, e-commerce apps, social media apps, besides banking and financial apps.
The CERT-In, national technology arm to combat cyberattacks and guard Indian cyber spac, said the cyber attack of this ‘Trojan’ category virus is reported active across globe.
The cyber security agency said “the malware is developed using the source code of Xerxes banking malware which itself is a variant of LokiBot Android Trojan.”
The “noteworthy feature” of this malware is that its target list contains 337 applications including banking and financial applications, and also non-financial and well-known commonly used brand name apps on an Android device that focus on social, communication, networking and dating platforms, the advisory added.
The CERT-In advisory said the malware can steal credentials and credit card information from over 300 plus apps like email clients, e-commerce apps, virtual currency, messaging or social media apps, entertainment apps, banking and financial apps etc,” .
“When the malware is launched on the victim’s device, it hides its icon from app drawer and then masquerades itself as a fake Google update to request accessibility service privileges.”
“Once this privilege is granted, it becomes free to grant itself additional permissions allowing it to function further without interacting with user,” it advisory added.
The CERT-In said the hackers can issue a number of commands for various operations such as logging keystrokes, spamming the victims’ contact lists with text messages, setting the malware as the default SMS manager, pushing system notifications to the C2 (command and control) server, locking the victim in the device home screen and steal and hide notifications, send spam and steal SMS messages and many more such activities.
The virus is deadly as it has the capability to “deflect” majority of anti-virus applications, the CERT-In said.
The CERT-In said, this Trojan virus can make use of “Android work profiles” to control the compromised device without requiring complete admin rights and instead creating and attributing its own managed profile to gain admin privileges.
Suggesting some counter-measures against the BlackRock malware, the cyber security agency asked the users not to download, install applications from untrusted sources and use reputed application market only. The agency asked the users to always review the app details, number of downloads, user reviews and check ‘additional information’ section before downloading an app from play store, and also suggested to use device encryption or encrypt external SD card and avoid using unsecured, unknown Wi-Fi networks.