Android warning: Fake Google update can steal data from 337 apps...

Researchers from ThreatFabric have warned of a fake Google update called BlackRock, that can steal your personal data from 337 apps, including Netflix and Tinder.


From Google to Samsung, Android smartphones are some of the most popular handheld devices around the world. But if you use an Android smartphone, you may want to be wary about any Google updates you’re prompted to make.

Researchers from ThreatFabric have warned of a fake Google update called BlackRock, that can steal your personal data from 337 apps, including Netflix and Tinder.

In a blog about the findings, the researchers explained: “One of the interesting differentiators of BlackRock is its target list; it contains an important number of social, networking, communication and dating applications. “So far, many of those applications haven't been observed in target lists for other existing banking Trojans.
“It, therefore, seems that the actors behind BlackRock are trying to abuse the grow in online socializing that increased rapidly in the last months due to the pandemic situation.”

The malware, dubbed BlackRock, starts by hiding its icon from the app drawer, making it invisible to the user. It then poses as a fake Google update, and requests access to your apps. If you grant this request, the malware can access your personal data within those apps, including your messages.

The researchers explained: “Once the user grants the requested Accessibility Service privilege, BlackRock starts by granting itself additional permissions. "Those additional permissions are required for the bot to fully function without having to interact any further with the victim. “When done, the bot is functional and ready to receive commands from the C2 server and perform the overlay attacks.”

Based on the conclusions, make sure you check any updates requests are actually from Google.

To do this, open Settings > System > System Updates. Tap on Check for Updates to see if you have something new.

Speaking to Mirror Online, Jake Moore, a Cybersecurity specialist at internet security company ESET, said: “This malware is particularly well made and can easily camouflage itself as a genuine app and do some damaging spy work in the background. It is vital you know what apps you are downloading by checking reviews and only using trusted app stores to avoid unknowingly downloading something more illicit.

"Once on your device this malware can copy every single keystroke you type so if this includes your passwords or security answers, they will be stolen instantly without your knowledge.
"One way to protect yourself from keyloggers is to use a password manager so when you need to place any sensitive information in the corresponding fields, you simply copy and paste them in from the manager resulting in the keylogger only logging that you used the clipboard copy and paste function rather than capturing your private credentials.”

Researchers from Check Point have also warned Android users about 11 dangerous apps that can infect your smartphone with dangerous malware and told to delete these 11 apps now. This includes a flower wallpapers app, an alarm app, a memory game, a file-recovery app, and several apps that offer cheery messages or relaxation.

The full list of the 11 dangerous apps:

  • com.hmvoice.friendsms
  • com.relax.relaxation.androidsms
  • com.cheery.message.sendsms
  • com.cheery.message.sendsms
  • com.peason.lovinglovemessage
  • com.file.recovefiles
  • com.LPlocker.lockapps
  • com.remindme.alarm

The apps contain a type of malware dubbed Joker, which is one of the most famous types of malware for Android.

In a blog, Check Point researchers explained: “Joker, one of the most prominent types of malware for Android, keeps finding its way into Google ’s official application market as a result of small changes to its code, which enables it to get past the Play store’s security and vetting barriers.
“This time, however, the malicious actor behind Joker adopted an old technique from the conventional PC threat landscape and used it in the mobile app world to avoid detection by Google.”

According to the researchers, Joker hid in ‘seemingly legitimate applications’ and installed ‘additional’ malware onto the devices of unsuspecting users. Once installed, the malware then ‘subscribes the user to premium services without their knowledge or consent.’

Thankfully, all the apps have now been removed from the Google Play Store.
However, if you suspect that you may have one of these apps on your smartphone, Check Point advises that you:

* Uninstall the infected application from the device.
* Check your mobile and credit-card bills to see if you have been signed up for any subscriptions and unsubscribe if possible.
* Install a security solution to prevent future infections.

- Source: Mirror
Reactions Comment Share