BlackRock es derivado del código fuente del malware bancario
Xerxes, una variante del troyano LokiBot Android.

Una de las peculiaridades de BlackRock, es que apunta a
aplicaciones no financieras de Android, como redes sociales, mensajería instantánea
y plataformas de citas. BlackRock utiliza la solicitud de privilegios del Servicio
de Accesibilidad, camuflándose para solicitarlo y ocultando su icono cuando se
inicia. A la hora de actuar, necesita permisos adicionales para que el bot
funcione completamente y así la víctima, no tiene que interactuar con la misma.

El atacante que ha infectado el dispositivo puede realizar
diferentes funciones de forma remota, como son ataques de superposición, lanzar
commands for logging keystrokes, sending spam to the list of
the victims' contacts, setting up the malware as the administrator of
default SMS and blocking the victims so they cannot start up or
use antivirus or system cleaning software.

When creating BlackRock, the creators took into account
that there were no unnecessary features from Xerxes' code,
removing capabilities that were not useful for their objectives to steal
login credentials and financial information.

BlackRock has a large list of applications for
credential theft, some 226 such as Microsoft Outlook, Gmail, Uber,
Amazon, Netflix, all of them from Google Play services, and many others from
banking or cryptocurrency wallet applications, Santander, Barclays,
ING, RBS, Bitplay, Binance y Coinbase.

Otra lista, es la de aplicaciones que contienen tarjetas de
crédito para su robo, some 111 en total, entre otras son Telegram, WhatsApp,
Twitter, Skype, Instagram, Facebook y Play Store.


Leave a Reply

Your email address will not be published. Required fields are marked *

More news
A
Read more »
A researcher manages to hack some concert tickets using AI
Read more »
Una nueva campaña de phishing suplanta a ChatGPT
Read more »
Nintendo suffers a data breach through a supplier
Read more »
Trying to make fun of a scammer is not a very good idea
Read more »