CERT-In, the Indian government’s top cybersecurity arm, has issued an advisory alerting people to an Android malware, “BlackRock”, which is circulating in cyberspace and has the potential to “steal” critical banking and other confidential data from users of smart devices. It can extract credentials and credit card information from over 300 apps, such as email, e-commerce and social media apps, besides banking and financial apps, the Computer Emergency Response Team of India (CERT-In) said in the advisory.
The “attack campaign” of this ‘Trojan’ category virus is active globally, said the CERT-In, the national technology arm to combat cyberattacks and guard Indian cyberspace.
According to the CERT-In advisory, the “noteworthy feature” of this malware is that its target list contains 337 applications, including banking and financial applications as well as non-financial, well-known and commonly used brand-name apps on Android devices that focus on social, communication, networking, and dating platforms.
“The malware is developed using the source code of Xerxes banking malware which itself is a variant of LokiBot Android Trojan,” the advisory said. The advisory described the infection activity of the virus. “When the malware is launched on the victim’s device, it hides its icon from app drawer and then masquerades itself as a fake Google update to request accessibility service privileges.”
Meanwhile, on the issue of cybersecurity in the Indo-Pacific region during the COVID-19 pandemic, the Australian High Commission in India said in a statement that in recent months “malicious cyber actors have sought to take advantage” of the situation. “We will work through multilateral and regional institutions to strengthen rule-based cyberspace. Australia has announced a record boost to cybersecurity spending- more than Rs. 7,000 crore (AUD 1.35 billion) recruit 500 new experts,” it said.
Threat operators can issue a number of commands for various operations, such as logging keystrokes, spamming the victims’ contact lists with text messages, setting the malware as the default SMS manager, pushing system notifications to the C2 (command and control) server, locking the victim on the device home screen, stealing and hiding notifications, sending spam and stealing SMS messages, and many more such activities, the advisory said. The virus is deadly as it has the capability to “deflect” the majority of anti-virus applications. “Another feature of this Android Trojan is making use of ‘Android work profiles’ to control the compromised device without requiring complete admin rights and instead of creating and attributing its own managed profile to gain admin privileges,” it said.
The federal cybersecurity agency suggested some counter-measures: do not download and install applications from untrusted sources, and use reputed application markets only; always review the app details, number of downloads and user reviews, and check the ‘additional information’ section before downloading an app from the Play Store; use device encryption or encrypt the external SD card; and avoid using unsecured, unknown Wi-Fi networks, among others. Also, when it comes to downloading banking apps, one should use the official and verified version, and users should make sure they have a strong AI-powered mobile anti-virus installed to detect and block this kind of tricky malware, the advisory said.
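The behaviour the advisory describes (an app from outside the official store that requests accessibility service privileges and can set itself as the default SMS manager) can be checked for on a device. The Python script below is an added example, not part of the CERT-In advisory: it assumes the Play Store is the only approved install source, and every package name and sample output in it is constructed.

```python
# Added example: flag sideloaded apps that also hold the privileges named in the advisory.
# Inputs are text captured from the device:
#   adb shell pm list packages -i -3        (third-party packages with their installer)
#   adb shell settings get secure enabled_accessibility_services
#   the default SMS package (how to read it depends on the Android version)
import re

TRUSTED_INSTALLERS = {"com.android.vending"}  # assumption: Play Store only

def parse_installers(pm_output):
    """Map package -> installer from 'package:<name>  installer=<name>' lines."""
    out = {}
    for line in pm_output.splitlines():
        m = re.match(r"package:(\S+)\s+installer=(\S+)", line.strip())
        if m:
            out[m.group(1)] = None if m.group(2) == "null" else m.group(2)
    return out

def parse_accessibility(setting):
    """Packages from colon-separated 'pkg/service' entries; 'null' means none enabled."""
    setting = setting.strip()
    if not setting or setting == "null":
        return set()
    return {c.split("/", 1)[0] for c in setting.split(":") if c}

def triage(pm_output, a11y_setting, sms_default):
    """Return (package, reasons) for sideloaded apps with at least one risky privilege."""
    a11y = parse_accessibility(a11y_setting)
    findings = []
    for pkg, inst in sorted(parse_installers(pm_output).items()):
        if inst in TRUSTED_INSTALLERS:
            continue
        reasons = ["sideloaded (installer=%s)" % inst]
        if pkg in a11y:
            reasons.append("holds an accessibility service")
        if pkg == sms_default.strip():
            reasons.append("is the default SMS app")
        if len(reasons) > 1:  # sideloading alone is not reported
            findings.append((pkg, reasons))
    return findings

# Constructed sample outputs (not taken from a real device or from the advisory).
SAMPLE_PM = """package:com.example.bank  installer=com.android.vending
package:com.example.updater  installer=null
package:com.example.game  installer=null
"""
SAMPLE_A11Y = "com.example.updater/.Svc:com.example.reader/.TalkSvc"
SAMPLE_SMS = "com.example.updater\n"

if __name__ == "__main__":
    for pkg, reasons in triage(SAMPLE_PM, SAMPLE_A11Y, SAMPLE_SMS):
        print(pkg, "->", "; ".join(reasons))
```

A flagged package is a lead for manual review, not a verdict: legitimate assistive apps installed outside the store will also appear.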
By Vivek Badoni
Member, Reporters’ Committee