I am writing to you about a recent news article around security risk posed by Android malware called Blackrock. We request you to read the details given below so as to safeguard yourself against this malware. This Android malware, if downloaded on your mobile device, can potentially steal your banking related information and hence important that you read and prevent your device from being compromised by this malware.
How does this malware compromise mobile device security?
If Blackrock is downloaded and launched on an Android smartphone, it will hide its app icon. It will then pose as a Google update and ask permission you to grant it Accessibility Services privileges. If this permission is allowed, the malware will give itself other permissions – including creating an admin profile on the phone for itself so that it does not need any more interaction or authorization from you. Once the malware has admin permissions, it is able to create an overlay on any of the apps that it targets for data collection. This means, for example, if a banking app is opened, it will ‘put’ up a fake screen on top of the app’s actual user interface. So when a user enters login details on this fake screen, the username and password is stolen from this fake screen.
The malware even targets social, messaging, lifestyle, and dating apps to steal credit card information. Reports say that of these 337 such apps are likely to be infected and as many as 111 apps are targeted just for credit card information theft, A concerning aspect of this malware is that along with this, the malware can hide from the app menu/app drawer so one will never know if it was installed. Moreover, if an attempt to install an antivirus app is made, the malware will keep redirecting you to the home screen so that it is not discovered and, thus, cannot be deleted.
How can you stay safe from this malware?
Do not download any apps from third-party app stores, also ensure that even for updates, your visit the play store. Use only the Google Play Store to download apps on your Android phone.
• Generally it’s a best practice to download/update apps from play stores such as Google play, iTunes (for iOS) etc.
• Always keep your mobile antivirus updated
• Preferably never store sensitive information on phone/website for auto-fill/automatic login options
Originally posted 2020-08-13 16:04:21.