BlackRock New Android malware could steal passwords and banking details from 337 apps

Android apps targeted by this new trojan include banking, dating, social media, and instant messaging apps.

A new Android malware strain has emerged in the criminal underworld that comes equipped with a wide range of data theft capabilities allowing it to target a whopping 337 Android applications.

Named BlackRock, this new threat emerged in May this year and was discovered from mobile security firm ThreatFabric.

Researchers say the malware was based on the leaked source code of another malware strain (Xerxes, based itself on other malware strains) but was enhanced with additional features, especially on the side that deals with the theft of user passwords and credit card information.

BlackRock still works like most Android banking trojans, though, except it targets more apps than most of its predecessors.

The trojan will steal both login credentials (username and passwords), where available, but also prompt the victim to enter payment card details if the apps support financial transactions.

Per ThreatFabric, the data collection takes place via a technique called "overlays," which consists of detecting when a user tries to interact with a legitimate app and showing a fake window on top that collects the victim's login details and card data before allowing the user to enter the intended legitimate app.

To show the overlays, BlackRock isn't that unique, and, under the hood, BlackRock works like most Android malware these days and uses old, tried, and tested techniques.

Once installed on a device, a malicious app tainted with the BlackRock trojan asks the user to grant it access to the phone's Accessibility feature.

The Android Accessibility feature is one of the operating system's most powerful feature, as it can be used to automate tasks and even perform taps on the user's behalf.

BlackRock uses the Accessibility feature to grant itself access to other Android permissions and then uses an Android DPC (device policy controller, aka a work profile) to give itself admin access to the device.

It then uses this access to show the malicious overlays, but ThreatFabric says the trojan can also perform other intrusive operations, such as:

• Intercept SMS messages
• Perform SMS floods
• Spam contacts with predefined SMS
• Start specific apps
• Log key taps (keylogger functionality)
• Show custom push notifications
• Sabotage mobile antivirus apps, and more

Currently, BlackRock is distributed disguised as fake Google update packages offered on third-party sites, and the trojan hasn't yet been spotted on the official Play Store.

However, Android malware gangs have usually found ways to bypass Google's app review process in the past, and at one point or another, we'll most likely see BlackRock deployed in the Play Store.

Advance website hacking course by Dedsec

Advance course of website Hacking by Dedsec..

What is Website Hacking.?
Hacking a website is the process of exploiting vulnerabilities of the target website in order to gain unauthorized privileges to it.It consists of many phases like information gathering,vulnerability analysis,etc.and the attacks include Defacing,Sql injection,DDoS,PDoS,Cracking etc, This Practical Course Is purely based on only Website Hacking.

What you’ll learn:
You Will Learn About MSSQL
You Will also Learn About Base64 SQL
You Will Learn Admin Panel Bypassing
Your Concept Will Be Clear About Dorks
You Will Also Learn Technique of Symlink
Get The Knowledge of Website defacement
We Will Teach You Shell Uploading In WordPress Sites
You will learn how to Crack Live SMTP Cpanel And Shells
Your will complete website hacking from Basic to Advance

Who this course is for:

• You
• Ethical and Black Hat hackers
• Penetration Testers
• Security engineers
• Network engineers
• IT security professionals
• Computer Professionals
• Anyone who wants to learn how to Hack
• Anyone using internet
• Anyone who wants to know the blackhat hacking world
• Anyone who wants to secure their data
• If you are a female hacker you become totally irresistible to men.

Course Topics:

1 Introduction to Website Hacking
2 Admin Panel Bypass
3 Admin Panel Find Using Perl
4 Backdoor In A Website
5 Clear Concept About 0Hex And URL Code
6 Clear Concept About Dorks
7 Clear Concept About Injection Point
8 Clear Concept About Parameter
9 Cpanel Hack Without Script
10 After Deface Which Things We Should Check
11 Database Show By Using XSS Dios
12 How To Deface Site And add Zone-h And Mirror-h
13 How To Hack Cpanel With Script
14 How To Hack Normal Site With Manual Way
15 How To Hack SMTP
16 Base64 SQL Class
17 How we Can Use ( Group By )
18 How you Can Got Easily Shell And Cpanel
19 How you will setup Hacking Browser
20 Internal Server Error Bypass
21 IP Blocking Bypass
22 Local Veriable Inject Site
23 MSSQL Guide
24 Routed Query Full Guide
25 Shell Upload In WordPress
26 Upload Shell In WordPress Second Method
27 Two Way Upload Shell In OpenCart Panel
28 Upload WSO Shell
29 Symlink Work For Education
30 Uploader In Admin Panel
31 Web Hack Using Post Data
32 Which Tools we need in Website Hacking
32 Methods Of Website Hacking

 

Bonus:- Included Many Paid Tools & Scripts In The Course For Free

Note:- Open Support Ticket After Buying This Course for getting Your Player Password

Click Here To View Demo Video

Note:-Disclaimer
Any actions and or activities related to the material contained within this Course is solely your responsibility.The misuse of the information in this Course can result in criminal charges brought against the persons in question. The authors and Course Tutorials will not be held responsible in the event any criminal charges be brought against any individuals misusing the information in this Course to break the law. 

      ⭕Follow us on

• ⭕Instagram :- https://instagram.com/ii__dedsec
  ⭕Facebook :- https://www.facebook.com/deds33c
  ⭕Twitter. :- https://twitter.com/chang33z
  ⭕Website :- https://www.dedseec.com
  ⭕Google+ :- https://plus.google.com/+dedsec
  
  
  If You Happy to See my Video so please ???? LIKE ?? Comment And Share And Don't Forget to SUBSCRIBE to Your Channel DedSec.
  
  
  SUBSCRIBE US ON YOUTUBE FOR MORE UPDATES
  
  Love you all ????????????????
  
  Share, Support, Subscribe!!!
  
  About : DedSec is a YouTube Channel, where you will find technological videos in Urdu And Hindi, New Video is Posted Everyday :) *****THANKS FOR WATCHING*****
  
  
  DISCLAIMER: This Channel DOES NOT Promote or encourage Any illegal activities , all contents provided by This Channel is meant for EDUCATIONAL PURPOSE only .
  
  Copyright Disclaimer Under Section 107 of the Copyright Act 1976, allowance is made for "fair use" for purposes such as criticism, comment, news reporting, teaching, scholarship, and research. Fair use is a use permitted by copyright statute that might otherwise be infringing. Non-profit, educational or personal use tips the balance in favor of fair use.