BlackRock: a new detected Trojan attacks 337 Apps and banck including PayPal

A new Trojan was detected this week. The Trojan’s name is BlackRock and is a part of ”LokiBot” Trojans. The banking Trojans attacked 337 apps and many other online banks and stores. PayPal, Payoneer and Play store are among the victims of the new Trojan.

Malware Loki was the parent version of the Trojan. This Trojan stole personal data as passwords, e-wallets and Credit cards. Loki could hack more than 50 different applications which caused panic and reports.

However, it looks like it’s none comparable to the new banking Trojan. Black Rock Trojan attacks primarily the banking data. But it soon spread everywhere to social network, Play stores and online payment.

How the BlackRock works?

Users have only to download a file, any file from an unauthentic source. Then the Trojan starts by hiding its icon from the app drawer. After it becomes invisible to the user, Blackrock asks the user for the “Accessibility Service privileges”. In order to reassure the victim that the authorization is normal, the Trojan asks for the permission under the title “Google updates”. When the victim falls in the trap, the Trojan gets more access by granting more access to different files and data.

How dangerous is the BlackRock?

This Trojan is highly dangerous. It totally hides any trace. That’s why he can steal all your card money or personal information while you are unaware of the attack.

Does BlackRock attack the US ?

According to threatfabric, the US is on the 8th place of the most countries affected by the BlackRock Trojan. This type of Trojans resemble to snow balls. First they target very specific victims as Banks, online stores as PayPal, Amazon and even Tinder. Then, they launch a massive attack everywhere. This is where his danger lies.

How can I protect my device from the BlackRock trojan:

The first thing to do is to update your anti-malware. This Trojan is new which means that your system can’t detect automatic. However, the most important defense is to avoid receiving files from unknown or unauthentic sources.

Leave a Reply