The New Malware That Can Steal Passwords and Card Data

Posted by Norma Stratton on

There’s a new malware strain in town, and it definitely deserves your attention. Known as BlackRock, this Android malware is based on the leaked source code of the Xerxes malware and can target 337 apps, including email, media, and banking apps.

BlackRock works in the same manner as most Android malware. It can perform overlay attacks and is able to send, spam, and steal SMS messages. It can also lock victims in the home screen, hide or steal notifications, and deflect antivirus software. While this is similar in function to other Android banking Trojans, the key difference with BlackRock is the number of apps it targets.

Once it is installed on a victim’s phone and is launched, it will hide its icon from the app drawer. This makes it invisible to the user. It will monitor and detect when one of the target apps is opened. At this point, it will open an overlay that mimics the appearance of the actual app but is a fake. Users will then unwittingly enter their details such as login and card information. BlackRock sends this private data to a server while sending the user back to the real app.

Most of BlackRock’s overlays are aimed at phishing social media and financial apps, though it also includes overlays for phishing data from many other types of apps, such as news, lifestyle, dating, shopping, and productivity. Some of the popular apps it targets include Amazon, eBay, PayPal, Gmail, and Netflix. It has also stolen information from Facebook Messenger, Instagram, PlayStation, Twitter, YouTube, and several others. A complete list of targeted apps can be found in the report prepared by ThreatFabric, the mobile security firm that first discovered it.

How do you get BlackRock? At the moment, it is being distributed on third-party sites disguised as a Google update package. It has not yet been found on the official Play Store, but Android malware groups have managed to slip past Google’s app review process a number of times in the past, so it is not only possible but likely that BlackRock will eventually find its way there.

According to the report, most antivirus apps are made ineffective by the malware. Users should avoid apps from third-party sites and instead download applications that have been authenticated by the Google Play Protect program. It is also advisable to change passwords and include special characters in the new ones. Finally, as always, do not open unknown emails or download unknown attachments.
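The advice above about third-party sources can be checked on a device. The following is an added example, not from the original post or the ThreatFabric report: it parses the output of `adb shell pm list packages -3 -i` and lists user-installed apps that did not come from Google Play, putting update-themed names first. The sample output, the package names in it, and the name heuristic are constructed assumptions.

```python
import re

# Installer package names treated as trusted stores (assumption: adjust for your fleet).
TRUSTED_INSTALLERS = {"com.android.vending"}  # Google Play Store

# Constructed sample of `adb shell pm list packages -3 -i` output; package names are made up.
SAMPLE_PM_OUTPUT = """\
package:com.example.bank  installer=com.android.vending
package:com.example.notes  installer=null
package:com.gooogle.update.service  installer=com.example.browser
package:org.example.player  installer=com.android.vending
"""

LINE_RE = re.compile(r"^package:(?P<pkg>\S+)\s+installer=(?P<installer>\S+)$")
# Hypothetical triage heuristic: names imitating an update or a Google component.
LURE_RE = re.compile(r"update|g[o0]+gle", re.IGNORECASE)


def parse_packages(pm_output):
    """Return {package: installer or None} from `pm list packages -i` text."""
    packages = {}
    for line in pm_output.splitlines():
        match = LINE_RE.match(line.strip())
        if not match:
            continue  # skip blank lines and anything that is not a package row
        installer = match.group("installer")
        packages[match.group("pkg")] = None if installer == "null" else installer
    return packages


def audit_sideloaded(pm_output, trusted=TRUSTED_INSTALLERS):
    """List packages not installed by a trusted store, update-themed names first."""
    findings = []
    for pkg, installer in parse_packages(pm_output).items():
        if installer in trusted:
            continue
        findings.append({
            "package": pkg,
            "installer": installer or "unknown (sideloaded or adb)",
            "update_lure": bool(LURE_RE.search(pkg)),
        })
    # Packages whose name imitates an update or Google component sort to the top.
    return sorted(findings, key=lambda f: (not f["update_lure"], f["package"]))


if __name__ == "__main__":
    for finding in audit_sideloaded(SAMPLE_PM_OUTPUT):
        print(finding)
```

A finding here is a prompt for review, not a verdict: legitimately sideloaded apps also appear in the list.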


“We can’t yet predict how long BlackRock will be active on the threat landscape,” says ThreatFabric. They conclude that “the most important aspect is to take care of securing the online banking channels, making fraud hard to perform, therefore discouraging criminals to make more malware.”


Every business should assume they have either been attacked, are being attacked, or will be attacked. Fast detection and swift response are the small business owner’s only defense.

You can access my free ebook, “WHAT’S AT STAKE FOR YOUR BUSINESS?”

So, if you’re ready to put the right security in place, contact me. I have traveled the globe identifying security threats in companies. I can help give your business peace of mind as you move into the digital revolution. There’s no risk in talking with us about your business, and you can stop the process at any time. But if you let us look under the hood, we’ll help you discover any potential problems before they impact your business or take your data. If everything looks good, we’ll tell you. However, if we discover symptoms of a growing threat, we’ll help you check them out to make sure you’re not exposed to catastrophic failure.

To learn more about cyber security, see Safe Harbour.