Computer Emergency Response Team of India (CERT-In) has issued an alert against an Android malware, dubbed "BlackRock", that has the potential to "steal" banking and other confidential data of a user.
A new Android malware has been discovered by a team of security researchers that is found to target a list of social, communication, and dating apps. The malware, called BlackRock, is a banking Trojan — derived from the code of the existing Xerxes malware that is a known strain of the LokiBot Android Trojan.
Google has removed 25 apps from its Google Play store that were caught stealing Facebook credentials. According to the French cyber-security firm, Evina, these malicious apps collectively had over 25 lakh downloads.
"It is a mobile-banking Trojan and info-stealer that abuses Android''s in-built accessibility features to steal user data from financial applications, read user SMS messages and intercept SMS messages, allowing malware to bypass two-factor authentication," the CERT-In advisory said.
Cerberus a relatively new Android malware can now extract, one-time passwords (OTP) generated by Google's Google Authenticator. Cerberus is a critical risk for financials offering online banking services.