New Android malware targets over 300 different apps - with a focus on dating and social media

(Image credit: Shutterstock / quietbits)

Researchers have discovered a brand new Android malware that targets an extensive list of more than 300 different applications.

Uncovered by security firm ThreatFabric, the BlackRock banking Trojan is designed to hoodwink victims into revealing personal and financial data.

According to researchers, the malware has a relatively limited set of attributes, but still allows its operators to perform overlay attacks, steal SMS messages, lock the victim in the home screen and deflect Android antivirus software.

While most banking Trojans typically take aim at banking services exclusively, BlackRock targets a range of other popular apps, including Tinder, TikTok, Facebook, Instagram, Twitter, Grinder, Netflix and many more.

Android malware

Analysis suggests the new Android malware is a variant of (or successor to) the infamous LokiBot Trojan, which was highly active back in 2017 and has been iterated on a number of times since then.

The BlackRock banking Trojan might not be the world’s most complex Android malware - in fact, it contains fewer facilities than its predecessor (LokiBot derivative Xerxes) - but does manage to establish a measure of persistence.

According to ThreatFabric, the Android malware is set to redirect the victim to the home screen whenever popular antivirus apps are launched, from household names such as Avast, AVG, Kaspersky, McAfee and more.

BlackRock also exhibits a unique trait that allows the malware to give itself unlimited access privileges, by manipulating an Android feature that companies use to define a device policy controller (DPC).

The malware’s most curious quality, however, is its large and ranging list of targets, which appears to hint at the strategy adopted by its creators.

Many of the 337 distinct target applications have never before been the focus of an Android banking Trojan and the high volume of social and dating applications on the hit list points to a concerted effort to capitalize on the pandemic, which has forced people to embrace digital forms of communication.

“Although BlackRock poses a new Trojan with an exhaustive target list, looking at previous unsuccessful attempts of actors to revive LokiBot through new variants, we can't yet predict how long BlackRock will be active on the threat landscape,” noted ThreatFabric in a blog post.

“The number of new banking Trojans will continue to grow, bringing new functionalities to increase the success rate of fraud while fraud becomes a growing risk even for consumers not using mobile banking.”

Android users are advised to protect all online accounts with multi-factor authentication (MFA) and to download content only from trusted sources.

Joel Khalili
News and Features Editor

Joel Khalili is the News and Features Editor at TechRadar Pro, covering cybersecurity, data privacy, cloud, AI, blockchain, internet infrastructure, 5G, data storage and computing. He's responsible for curating our news content, as well as commissioning and producing features on the technologies that are transforming the way the world does business.

Latest in Security
Data Breach
Thousands of healthcare records exposed online, including private patient information
China
Juniper patches security flaws which could have let hackers take over your router
Representational image depecting cybersecurity protection
GitLab has patched a host of worrying security issues
Ai tech, businessman show virtual graphic Global Internet connect Chatgpt Chat with AI, Artificial Intelligence.
AI agents can be hijacked to write and send phishing attacks
China
Volt Typhoon threat group had access to American utility networks for the best part of a year
Abstract image of cyber security in action.
MassJacker malware targets those looking for pirated software
Latest in News
Apple iPhone 16 Pro HANDS ON
Leaked iPhone 17 dummy units may have given us our best look yet at all four models
A super close up image of the Google Gemini app in the Play Store
It's official: Google Assistant will be retired for phones this year, with Gemini taking over
Quordle on a smartphone held in a hand
Quordle hints and answers for Sunday, March 16 (game #1147)
NYT Strands homescreen on a mobile phone screen, on a light blue background
NYT Strands hints and answers for Sunday, March 16 (game #378)
NYT Connections homescreen on a phone, on a purple background
NYT Connections hints and answers for Sunday, March 16 (game #644)
Three iPhone 16 handsets on show
Apple could launch an iPhone 17 Ultra this year – but we've heard these rumors before