New android malware was found stealing passwords from both banking and non-banking apps.
The malware was found to steal passwords of social media, dating, and cryptocurrency apps. The malware has a total of 337 non-banking apps from which it can steal the credentials.
Chief among its features are stealing user credentials, intercepting SMS messages, hijacking notifications, and even recording keystrokes from the targeted apps. The malware was named BlackRock and it has an ability to exploit Android’s Accessibility Service privileges.
The malware also connects to a C2 (Command and Control) server and then injects overlays on top of the login and payment screens of the targeted apps.
The target list of apps contains famous applications like Tinder, TikTok, PlayStation, Facebook, Instagram, Skype, Snapchat, Twitter, Grinder, VK, Netflix, Uber, eBay, Amazon, Reddit, Tumbler, etc. BlackRock has targeted many apps irrespective of their domain and have stolen from almost all of them.
NPAV recommends users to always be aware of the permissions that you are granting to any application on your phone. Always use the application which are from genuine publisher and refrain from downloading from untrusted source.
Install NPAV android application and keep your device protected from all kinds of cyber attacks. Use NPAV and join us on a mission to secure the cyber world.