Original topic:

This Android malware can steal your banking info from WhatsApp, Google Pay, SBI.

(Topic created on: 07-20-2020 08:34 PM)
Expert Level 3
Tech Talk

BlackRock malware can read everything you type on your smartphone

It can steal your credit card information, netbanking login, and more

It doesn't let antivirus apps download on your smartphone

Apps affected by BlackRock include Instagram, Gmail, YouTube, and many more

A new malware, named BlackRock, has been found to be stealing user data as well as banking details that users provide the apps it targets. It has been found to infect apps such as Google Pay, Amazon, YONO Lite by SBI, Uber, Netflix, IDBI Bank Go Mobile+, iMobile by ICICI, Microsoft Outlook, HSBC, Oxigen Wallet, and MobiKwik, among others, to steal user information. The total apps that it affects so far go up to 337. Targeting Android phones, this malware has only been spotted on third-party app stores so far – so if you download apps only from Google Play Store, your smartphone should not be affected.

What is BlackRock malware?

BlackRock is a trojan and a variant of the Xerxes malware, which was developed using the LokiBot. However, compared to its predecessors, BlackRock has a much bigger target list. Moreover, unlike previous trojans, which targeted only banking apps, the new malware targets not just banking apps but also apps related to social media, messaging, dating, e-books, music and videos, news, etc. It was discovered in May this year by Dutch cybersecurity firm ThreatFabric.

Which apps are affected by BlackRock malware?

While BlackRock malware itself does not have a lot of new features that previous trojans haven't had, what makes it special is the list of apps it targets. The list of apps that BlackRock targets is rather huge by trojan standards and includes, but is not limited to, the following apps:

YONO Lite by SBI

iMobile by ICICI

IDBI Bank Go Mobile+



Oxigen Wallet


Amazon Shopping


WhatsApp Messenger

WhatsApp Business

Google Pay



Google Play Music

Facebook Messenger


Facebook Lite






Twitter Lite



Play Store




Microsoft Outlook

Yahoo Mail



Amazon Seller


Skype Lite

Along with the banking, shopping, messaging, and dating apps, there are a number of cryptocurrency wallets that are targeted for data theft by the malware.

What can BlackRock malware do?

BlackRock's features are not too powerful and similar to what we have seen on earlier trojans. It can:

Perform overlays,

Spam your Messages inbox,

Read all your text messages,

Forward SMSes you receive to the hacker's servers,

Send SMSes to others,

Read everything you type on the phone,

Lock your phone's screen,

Collect your device information,

See all the notifications you get, and

Grant itself permissions on your phone

Along with this, the malware can hide itself from the app menu/ app drawer so you will never it was installed. Moreover, if you try to install an antivirus app, it will keep redirecting you to the home screen so that it is not discovered and, thus, cannot be deleted. Avast, AVG, BitDefender, Eset, Symantec, TrendMicro, Kaspersky, McAfee, and Avira antivirus apps will not be allowed to download on your phone. Even apps such as TotalCommander, SD Maid, and Superb Cleaner, which clean Android devices, will not be downloadable.

How does BlackRock work?

When BlackRock is first launched on your Android smartphone, it will hide its app icon. Then it will pose as a Google update and ask you to grant it Accessibility Services privileges. Once it has Accessibility privileges, it will give itself other permissions – including creating an admin profile for your phone for itself – so that it doesn't need any more interaction or authorization from you.

Once the malware has all the permissions, it will be able to create an overlay on any of the apps that it targets for data collection. This means, for example, if you open the YONO Lite app by SBI, it will ‘put' a **bleep** screen on top of the app's actual UI – when you enter your details on the **bleep** screen, it can steal your username and password from this overlay.

The malware even targets social, messaging, lifestyle, and dating apps to steal credit card information. Of these 337 infected apps, as many as 111 apps are targeted for just credit card info theft, including WhatsApp, WhatsApp Business, Twitter, Twitter, Lite, Snapchat, Telegram, Skype, Skype Lite, Instagram, IGTV, Facebook, Facebook Messenger Lite, YouTube, Play Store, Reddit, Pinterest, Hangouts, and Tinder. However, as mentioned earlier, if you have not downloaded any apps from third-party app stores and only use the Google Play Store to download apps on your phone, your smartphone should not be infected

Let us beware and avoid this.
Active Level 10
Tech Talk
yellow text not readable
Expert Level 4
Tech Talk
ok.good information
Active Level 6
Tech Talk
How to identity and stop it from affecting our mobile?
Tech Talk
his malware has only been spotted on third-party app stores so far – so if you download apps only from Google Play Store, your smartphone should not be affected.

it will pose as a Google update and ask you to grant it Accessibility Services privileges.
Active Level 6
Tech Talk
Ohk. Thanks for the information. I download apps from play store or galaxy store only.