“Around May 2020 ThreatFabric analysts have uncovered a new strain of banking malware dubbed BlackRock that looked pretty familiar. After investigation, it became clear that this newcomer is derived from the code of the Xerxes banking malware, which itself is a strain of the LokiBot Android banking Trojan. The source code of the Xerxes malware was made public by its author around May 2019, which means that it is accessible to any threat actor,” ThreatFabric analysts said in a research report.
The research says that the target list of the BlackRock malware contains a significant number of social, networking, communication and dating applications.
“So far, many of those applications haven’t been observed in target lists for other existing banking Trojans. It therefore seems that the actors behind BlackRock are trying to abuse the growth in online socializing that increased rapidly in the last months due to the pandemic situation,” the research paper said.
BlackRock’s target list has 337 unique applications, several of which have not been observed as targets of banking malware before. Most targeted apps are related to banks operating in Europe, followed by Australia, the United States of America and Canada, ThreatFabric said.
“Those new targets are mostly not related to financial institutions and are overlaid in order to steal credit card details,” it says, adding that most of the non-financial apps are social, communication, lifestyle and dating apps.
The researchers fear that the number of new banking Trojans will keep growing, leading to banking fraud and posing risks even for consumers who are not using mobile banking. They cite Trojans like BlackRock that target third-party apps.
“The second half of 2020 will come with its surprises, after Alien, Eventbot and BlackRock we can expect that financially motivated threat actors will build new banking Trojans and continue improving the existing ones,” the research says.