300 apps hide a very dangerous virus: what are they

ThreatFabric's cyber researchers have discovered more than 300 apps infected with a very dangerous virus capable of stealing personal bank account data

There are no less than 337 infected Android apps found by ThreatFabric on the Play Store since an extremely dangerous malware was first identified in May 2020: BlackRock, a banking trojan that can empty our bank account.

BlackRock is just the latest member of a family of viruses that started in 2016 with LokiBot, then became MysteryBot (2018), then Parasite (2018), then Xerxes (2019) and, now, BlackRock. The operation of the latter malware is similar to that of its siblings, but the continuous development of similar but not the same code makes it difficult to detect new viruses as they appear in some app. BlackRock, therefore, has had plenty of time to spread to hundreds of apps and, most likely, many more will be discovered in the coming months.

How BlackRock works

BlackRock works in a fairly classic way for a Trojan: as soon as it enters the Android smartphone, via the app that carried it, it hides its icon from the app drawer to make itself invisible to the user. It then goes on to ask for accessibility permissions via a fake screen posing as Google Update. If the user clicks OK, the malware starts working in earnest, assigning itself more privileges until it has virtually complete control over the device.

Why BlackRock is dangerous

When BlackRock has taken control of the smartphone it can do several dangerous things. First, it tries to spread itself further by accessing your contact list and starting to send messages to everyone, even every 5 seconds. It sets itself as the SMS manager, to make sure that it controls this communication channel 100%. Then it can start or disable apps, including antivirus if any, and finally it can also take over the management of notifications. But the most dangerous thing of all is another: BlackRock can in fact do "Keylogging", that is it can spy and record the keys we press on the smartphone. And this is the main method used by this virus to steal access data to online banking accounts and credit cards registered on the device. Within a short period of time, this virus can get its hands on our money.

What apps are infected

Infected apps include everything from banking apps to applications that are widely used by younger users, especially for downloading and editing videos. The full list of infected apps already discovered by ThreatFabric has been published within the report.