Security News > 2020 > July > LokiBot Redux Attacks Massive List of Common Android Apps

LokiBot Redux Attacks Massive List of Common Android Apps
2020-07-16 07:00

Researchers have discovered a new variant of the LokiBot trojan called BlackRock, that's attacking not just financial and banking apps, but also a massive list of well-known and commonly used brand-name apps on Android devices.

While BlackRock's banker abilities are not overly impressive, offering "a quite common set of capabilities compared to average Android banking trojans," according to the report, it has other assets.

One of the things that's unique is that non-financial group of apps it targets; BlackRock lifts data from a rather extensive list of very common chat, dating, gaming and social-media apps.

Programs the malware can detect and deflect include: Avast, AVG, BitDefender, Eset, Symantec, TrendMicro, Kaspersky, McAfee and Avira, researchers said, as well as applications to clean Android devices, such as TotalCommander, SD Maid or Superb Cleaner.

One other unique functionality BlackRock has in comparison to other Android trojans is that it takes advantage of Android work profiles by creating and attributing itself a profile to gain admin privileges.


News URL

https://threatpost.com/lokibot-redux-common-android-apps/157458/