Fake Google Update Steals Private Data from 337 Apps
If you have an Android smartphone, you had better check whether any Google updates are really Google's. Security researchers from ThreatFabric warn users of BlackRock - a fake Google update that steals personal data from as many as 337 popular applications, including Netflix.
In their blog, the researchers wrote that what makes BlackRock special is its vast target list - it contains a great number of popular applications: networking, social, communication, and dating.
Many of those applications haven't been observed yet in target lists for other existing banking Trojans, the researchers noted. They speculate that the cybercriminals behind BlackRock are trying to take advantage of the growth in online communications over the last few months due to the pandemic.
How does this malware work? BlackRock starts by making itself invisible to the user, hiding its icon from the app drawer. Then it requests access to the victim's apps, posing as a Google update. If the access is given, the malware may access various personal data within those apps, including messages.
Once the user grants the fake update the requested Accessibility Service privilege, BlackRock starts getting additional permissions. They are required for the bot to function without having to interact with the victim anymore. The bot is ready to receive commands from the C2 server and perform overlay attacks.
It means that before installing updates that pose as Google's, you should check whether any such updates are actually from Google.
To do this, please open Settings > System > System Updates. Tap on Check for Updates, and you will see if there are updates.
Jake Moore, a cybersecurity specialist at ESET, an internet security company, said: "This malware is particularly well made and can easily camouflage itself as a genuine app and do some damaging spy work in the background." He advised users to download apps only from trusted app stores and to check app reviews.
This malware is capable of copying every single keystroke the user types, including passwords and security answers. So it is also sensible to use a password manager to paste any sensitive information into the corresponding fields. In that case, the keylogger will log only the use of the clipboard copy and paste function, rather than capturing the keys pressed. This may help prevent the theft of private data.
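The behaviour described above, a fake update obtaining the Accessibility Service privilege, can be audited from a computer connected to the phone. The following is an added example, not code from ThreatFabric or the original article: it parses the output of two adb commands and flags user-installed apps that hold an enabled accessibility service but were not installed by a trusted store. The sample outputs, package names and trusted-installer list are constructed assumptions.

```python
import re

# Constructed sample: `adb shell settings get secure enabled_accessibility_services`
# returns colon-separated "package/service" component names.
SAMPLE_ENABLED = (
    "com.google.android.marvin.talkback/.TalkBackService:"
    "com.example.fakeupdate/com.example.fakeupdate.UpdateService"
)
# Constructed sample: `adb shell pm list packages -3 -i` lists user-installed
# packages together with the installer that put them on the device.
SAMPLE_PACKAGES = """\
package:com.example.passwordmanager  installer=com.android.vending
package:com.example.fakeupdate  installer=null
package:com.example.game  installer=com.android.vending
"""
TRUSTED_INSTALLERS = {"com.android.vending"}  # Google Play; an assumption, adjust as needed

def parse_enabled_services(raw):
    # Map package name -> enabled accessibility service classes.
    services = {}
    raw = raw.strip()
    if not raw or raw == "null":  # unset when no service is enabled
        return services
    for component in raw.split(":"):
        package, _, cls = component.strip().partition("/")
        if package:
            services.setdefault(package, []).append(cls)
    return services

def parse_installers(raw):
    # Map user-installed package name -> installer ("null" when none is recorded).
    pattern = r"^package:(\S+)\s+installer=(\S+)"
    return dict(re.findall(pattern, raw, re.MULTILINE))

def flag_sideloaded_accessibility(enabled_raw, packages_raw, trusted=TRUSTED_INSTALLERS):
    # Flag user-installed apps that hold an accessibility service but did not
    # come from a trusted store; preinstalled packages are absent from -3 output.
    services = parse_enabled_services(enabled_raw)
    installers = parse_installers(packages_raw)
    return [
        (pkg, installers[pkg], services[pkg])
        for pkg in sorted(services)
        if pkg in installers and installers[pkg] not in trusted
    ]

if __name__ == "__main__":
    for pkg, installer, classes in flag_sideloaded_accessibility(SAMPLE_ENABLED, SAMPLE_PACKAGES):
        print(f"REVIEW {pkg}: installer={installer}, services={classes}")
```

A flagged package is a prompt for manual review, not proof of infection: legitimately sideloaded accessibility tools will also appear.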