New Android malware found capable of stealing passwords, credit card data
While the malware can steal passwords and login credentials, it can also prompt the user to enter payment details within apps that deal with financial transactions
A new Android malware is plaguing applications. To be precise, the malware is capable of targeting 337 applications and rob users of critical information like passwords and even credit card information.
According to a report by ZDNet, the new malware is called Blackrock and it surfaced in the month of May. The report claims that a security firm called ThreatFabric was the first one to spot it.
According to the researchers, the new malware uses the source code of another malware strain. However, this new malware gets additional features which give it the ability to steal passwords and credit card information. One of the biggest differences, in comparison to other Android malware, is that it can target many more applications.
The researchers claim that this malware uses something called 'overlays' which masks the original app and asks for payment data. This happens before the user is allowed to enter the official application.
While the malware can steal passwords and login credentials, it can also prompt the user to enter payment details within apps that deal with financial transactions.
The BlackRock masks itself be asking for Android permissions using the Accessibility feature, then it uses an Android DPC (device policy controller) in order to provide access to other permissions. According to the report, ThreatFabric claims the trojan can also perform other intrusive operations such as Intercepting SMS messages, perform SMS floods, spam contacts with predefined SMS, Start specific apps, Log key taps, Show custom push notifications, Sabotage mobile antivirus apps and more.