Android Hit By New Banking Malware

John Lister's picture

A new strain of Android malware targets both social media accounts and online banking. It's a reminder of the risks of installing software from outside of the official Google Play store.

The malware is dubbed BlackRock and appears to ultimately derive from the code used in an attack called LokiBot. Now thought to be inactive, LokiBot attempted to gain access to financial accounts through banking and related apps. One technique involved using automated scripts to login to a PayPal account and transfer money to the scammers. (Source: threatfabric.com)

BlackRock looks to take the same tactics and extend them to target non-financial apps such as social networks and dating apps. The most likely explanation is that rather than simply trying to access and divert funds, the attackers want to access personal data. That could in turn be used for identity theft or to more convincingly pose as an authoritative source such as a bank. (Source: phonearena.com)

Bogus Permission Request

The malware hides its own icon so that it's not obvious it is on the device. It then asks for permission for the device to let it know when the user is interacting with an app, and for permission to view content on a window the user is interacting with.

Naturally many users would normally be hugely suspicious of such a request. The trick is that the malware uses fake details to make it appear the request is coming from "Google Update." The idea is many users may not read the details and instead assume it's simply a request to update apps or the operating system.

The malware then uses a bunch of sneaky tactics including running a keylogger to track what the user has typed it, and blocking many antivirus applications from running.

Play Store Unaffected

The good news is that it appears BlackRock can only get on to a device in the first place if the user installs a compromised app from a source other than the Google Play app store. At the moment it appears the malware wouldn't get through the Play store vetting process.

That means that although one of the big benefits of Android for some devotees is its open nature, most ordinary users face a simple choice: either stick to the official Google Play store for getting apps, or avoid running any apps handling sensitive data.

What's Your Opinion?

Have you ever used Android apps from sources other than the Play store? How confident are you about the security of apps on your device? Do you feel secure using financial apps or those involving personal data on a mobile device?

Rate this article: 
Average: 4.2 (10 votes)