The threat takes the form of a malware strain that’s being called BlackRock. It is a banking trojan that specializes in pilfering login and credit card information, which means that if you get infected, it’s likely to hit you hard.
The new variant was discovered by security researchers and analysts operating out of ThreatFabric. Based on an analysis of the code, it is a derivative of the Xerxes banking malware, which traces its roots back to the LokiBot trojan.
The key difference between this malware strain and the strains it was derived from is this: LokiBot and Xerxes focused their attention exclusively on banking and payment card information. BlackRock is equally interested in social media and dating site logins.
It’s a fairly stealthy piece of code, too, disguising itself as a Google Update, which requests Accessibility Services privileges and hiding its icon when it is launched. Even worse, once a victim grants the malware access to Accessibility Services, it will begin granting itself additional permissions out of the sight of the victim.
In addition to banking apps, BlackRock also targets a number of cryptocurrency wallet apps, including Coinbase, BitPay, and Binance, as well as popular apps like Microsoft Outlook, Gmail, Uber, Amazon, Netflix, and Google Play.
The researchers at ThreatFabric had this to say about their discovery:
“The second half of 2020 will come with its surprises, after Alien, Eventbot and BlackRock, we can expect that financially motivated threat actors will build new banking Trojans and continue improving the existing ones.
With the changes that we expect to be made to mobile banking Trojans, the line between banking malware and spyware becomes thinner, banking malware will pose a threat for more organizations and their infrastructure, an organic change that we observed on Windows banking malware years ago.”
All that to say, it’s a serious threat, so be on the alert for it.