Scary Android malware targets hundreds of popular apps, but you shouldn't delete them all

Another day, another major Android threat discovered by security researchers as it lurks in the shadows in anticipation of its time in the mischievous limelight. In a way, this BlackRock malware, detected and rigorously documented by the folks over at ThreatFabric, can be considered even scarier and more dangerous than the Joker virus that made headlines recently or other similar threats found to stem from largely shady apps in the past.

That's because BlackRock was exposed as targeting a long list of reputable and crazy popular Android apps, including everything from PayPal to Gmail, Yahoo Mail, Uber, Netflix, eBay, Amazon, Telegram, WhatsApp, Twitter, Snapchat, Skype, Instagram, Facebook, YouTube, Reddit, TikTok, Tumblr, Pinterest, Tinder, Grindr, and even Google's own Play Store. In total, we're talking no less than 337 potential victims.

For many people, that might be pretty much everything they use on their mobile devices on a regular basis, so obviously, the solution to this problem is not to delete all these apps and seek less popular alternatives. Instead, you should merely be careful about what you install and especially where you install your apps and updates from.

The apps themselves are not malicious


As you can imagine, the aforementioned apps and social networking, communication, and dating services are not dangerous by themselves. Rather, they are being targeted, precisely because of their worldwide success and mass appeal, by a banking Trojan that hasn't managed to slip through Google's Play Store filters yet.


In other words, you have nothing to worry about, at least as far as this particular virus is concerned, if you download everything from an official source. The danger surfaces when you're prompted to install "Google updates" from third-party sources, which is a massive red flag.

Unfortunately, it's not entirely clear what you can do to clean your phone of the BlackRock malware if you fall prey to such a vicious and insidious attack that will quickly spread across your system without leaving a trace. That's because the Trojan will prevent most antivirus programs from starting in addition to phishing everything from your financial information to social media usernames and passwords.

Naturally, the main goal is to steal credit card details, but various app credentials will also do for the bad actors behind BlackRock, and you can expect your text messages to be hijacked as well.

A simple but incredibly ambitious virus


While far from new or innovative at its core, this chilling banking Trojan does a few things differently from its forerunners, dubbed LokiBot, MysteryBot, Parasite, and Xerxes. Instead of adding new features and increasing its complexity, which is usually the case in this dark and malevolent world, BlackRock is actually keeping things simpler than ever, with a focus on the most "useful" functions in terms of stealing personal information.


What is expanded compared to previous banking malware is the target list, with an unusually high number of "trending" social and dating apps joining the typical group of financial services from institutions located in the US, as well as Australia, Canada, and various European countries. 

Basically, BlackRock is casting a wider net than any of its predecessors, making sure pretty much no one who uses an Android phone nowadays is safe, no matter where they live, what device they use, how they like to connect with friends and make new ones, or what online banking channel they prefer.

Still, the simplest, safest, and most foolproof way to stay protected from this type of threat remains to never rely on a third-party app store, to install a reliable antivirus solution before you suspect a cyberattack, and to periodically check your app permissions, as well as your credit card statements, for any unauthorized or shady transactions.
