The malware has the potential to extract login credentials and credit card details from over 300 services like email, e-commerce apps, social media apps, banking and financial apps.
It comes under the category of Trojan virus which is capable of collecting a user's information in the background as they use their device, without their knowledge and permission.
"The attack campaign of this 'Trojan' category virus is active globally," said the Computer Emergency Response Team of India (CERT-In) in its advisory.
"It is reported that a new Android malware strain dubbed 'BlackRock' equipped with data-stealing capabilities is attacking a wide range of Android applications. The malware is developed using the source code of Xerxes banking malware which itself is a variant of LokiBot Android Trojan," the advisory added.
ALSO READ | Google Snooping On Users' Data To Learn How They Use Rival Apps Like TikTok, Instagram: Report
Targets Over 300 Mobile Apps
Most notably, the malware can target about 337 applications which include bank and finance apps, and non-financial apps that are for communication, networking and socialising.
"It can steal credentials and credit card information from over 300 plus apps like email clients, e-commerce apps, virtual currency, messaging or social media apps, entertainment apps, banking and financial apps etc," the advisory said.
It disguises itself as a Google update to gain access to services on the device.
"When the malware is launched on the victim's device, it hides its icon from the app drawer and then masquerades itself as a fake Google update to request accessibility service privileges."
"Once this privilege is granted, it becomes free to grant itself additional permissions allowing it to function further without interacting with user," it said.
ALSO READ | Samsung Galaxy M31s Launched! Check Out Camera Features, Display, Battery, Price & More
Perpetrators can issue a number of threads that include spamming victims' contact lists through messages, setting the malware as the default SMS manager, pushing system notifications to the C2 (command and control) server, stealing and hiding notifications, sending spam and steal SMS messages and many more such activities, the advisory stated.
The virus threat is especially serious as it can go unchecked by the majority of anti-virus scanners.
"Another feature of this Android Trojan is making use of "Android work profiles" to control the compromised device without requiring complete admin rights and instead of creating and attributing its own managed profile to gain admin privileges," it said.
Precautionary Steps To Follow
The agency has recommended certain preventive steps to be undertaken:
- Do not download and install apps from untrusted sources - use verified sources only
- Always look into the app details, the number of downloads, user reviews and check 'additional information' section before downloading an app from Google play store.
- Use device encryption or encrypt the external SD card.
- Avoid using unsecured, unknown Wi-Fi networks.
- Download the official and verified version of banking apps to use.
- Have a strong AI-powered mobile antivirus installed to detect and block tricky malware.
WATCH | Google, Facebook, Amazon & Apple testify before the House Judiciary antitrust subcommittee