Android malware Attack

(Topic created on: 07-17-2020 10:24 PM)
admin91
Active Level 7

A new Android malware has been discovered that steals data such as password credentials and credit card details from 337 apps including some of the popular ones like Gmail, Amazon, Netflix, Uber, and more.


The malware, which goes by the name BlackRock, comes with data theft capabilities, a report from ZDNet stated. The publication was the first to report on the malware, which was discovered by mobile security firm ThreatFabric.

How does BlackRock steal user details?

BlackRock malware functions just like any other Android malware. According to researchers at ThreatFabric, the BlackRock malware is based on the leaked source code of another malware strain, Xerxes, which in turn is based on other malware strains. The new malware is enhanced with more features related to stealing passwords and credit card details.

The report suggests that the malware steals login credentials (including usernames and passwords) and sends prompts to users to enter payment credit card details.

The trojan collects data through a technique called “overlays”. It basically detects when a user interacts with a legitimate app and places a fake window on top that asks for login and credit card details before the user enters the actual app.

ThreatFabric researchers say BlackRock overlays are geared towards phishing financial, social media, communications, dating, news, shopping, lifestyle, and productivity apps.

Once the app is installed on a smartphone, the trojan first asks the user to grant access to the phone’s Accessibility feature. It then uses the Accessibility feature to grant itself access to other Android permissions. It then uses an Android DPC to gain admin access. The malware then uses this access to display overlays to collect user credentials and credit card details.

Researchers at ThreatFabric, however, say the BlackRock malware can also perform other intrusive operations. The list is as follows:

–Intercept SMS messages
–Perform SMS floods
–Spam contacts with predefined SMS
–Start specific apps
–Log key taps (keylogger functionality)
–Show custom push notifications
–Sabotage mobile antivirus apps, and more

The report states that BlackRock is distributed as fake Google update packages offered on third-party websites and has not been spotted on Google Play Store yet.
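
As an added example (not part of the original post or of ThreatFabric's report), the following Python sketch triages a decoded `AndroidManifest.xml` for the combination described above: an accessibility service, a device admin receiver, and SMS capability. It is a generic heuristic, not a BlackRock signature, and the sample manifests and package names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"

# Signals mapped to behaviours named in the post (heuristic, not a signature).
COMPONENT_SIGNALS = {
    "android.permission.BIND_ACCESSIBILITY_SERVICE": "accessibility service",
    "android.permission.BIND_DEVICE_ADMIN": "device admin receiver",
}
PERMISSION_SIGNALS = {
    "android.permission.RECEIVE_SMS": "can intercept SMS",
    "android.permission.SEND_SMS": "can send SMS",
    "android.permission.READ_CONTACTS": "can read contacts",
    "android.permission.SYSTEM_ALERT_WINDOW": "can draw over other apps",
}

def triage_manifest(manifest_xml):
    """Return (package, sorted findings, escalate flag) for a decoded manifest."""
    root = ET.fromstring(manifest_xml)
    findings = set()
    for comp in root.iter():
        if comp.tag in ("service", "receiver"):
            guard = comp.get(ANDROID + "permission")
            if guard in COMPONENT_SIGNALS:
                findings.add(COMPONENT_SIGNALS[guard])
    for perm in root.iter("uses-permission"):
        name = perm.get(ANDROID + "name")
        if name in PERMISSION_SIGNALS:
            findings.add(PERMISSION_SIGNALS[name])
    # Escalate for manual review when accessibility plus device admin coincide
    # with SMS capability: the chain the post describes.
    escalate = ({"accessibility service", "device admin receiver"} <= findings
                and any("SMS" in f for f in findings))
    return root.get("package"), sorted(findings), escalate

# Constructed sample manifests (hypothetical package names, not real apps).
SUSPECT = """<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.update">
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <application>
    <service android:name=".Svc" android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE"/>
    <receiver android:name=".Adm" android:permission="android.permission.BIND_DEVICE_ADMIN"/>
  </application>
</manifest>"""
BENIGN = """<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.notes">
  <uses-permission android:name="android.permission.INTERNET"/>
  <application><service android:name=".Sync"/></application>
</manifest>"""

if __name__ == "__main__":
    for sample in (SUSPECT, BENIGN):
        print(triage_manifest(sample))
```

Legitimate apps such as screen readers and enterprise management agents also declare some of these components, so a hit is a prompt for manual review rather than a verdict.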



12 Comments
surojitsarkar
Expert Level 4
Galaxy Gallery
great my friend 👍
0 Likes
surojitsarkar
Expert Level 4
Galaxy Gallery
how
0 Likes
admin91
Active Level 7
Galaxy Gallery
@
0 Likes