BlackRock malware released to steal user information
According to security researchers at ThreatFabric, a new piece of Android malware called “BlackRock” is being released. It is designed to steal key user information.
The malware gets onto a victim's cell phone by being installed as a “Google Update”. According to observations, this infected file is being spread on websites and social networks. Once the user has downloaded and installed it, the infected file installs the malware on the victim's mobile phone.
The malware has no icon after installation, and the user will not notice that it has been installed.
BlackRock targets more than 370 applications of various kinds. These applications are generally in the fields of finance, cryptocurrencies, messengers, e-mail and mobile banking.
The malware can monitor the applications running in the background on the mobile phone. Using this capability, when the user tries to open an application on the target list, the malware displays a fake page before the user enters the application and asks for a username and password. This technique is called an overlay. In the pictures below, some of these fake pages can be seen.
After receiving the information from the user, the malware sends the stolen data to the attacker through various methods, such as SMS or an Internet connection.
The presence of applications widely used in Iran, such as Telegram, Instagram, WhatsApp and Twitter, in this malware's list of targets poses many dangers to users and calls for more attention in this area.
Almost all popular applications, such as banking and messaging applications, offer a two-step authentication mechanism alongside the long-term password. Using this mechanism, and being able to use one-time passwords, can go a long way toward keeping your information secure even if a password is stolen. Apps must also be installed from reputable stores such as Google Play or the App Store. If the application you want is not available in the official stores for some reason, such as sanctions, download and install it from the official website of the application's developer.