BlackRock Trojan: Aggressive Viral Menace For Android Device Users

a computer screen with a malware symbol on it

A new attack on android applications known as the BlackRock trojan has already targeted over 300 applications on the android operating system, including banking, social media, and dating applications. Any application with payment features, which is most nowadays, has been targeted and users credit card information has been compromised. How does this all work though, and what implications will it have for the future of the android operating system?

The Mechanics of BlackRock

The essential approach that BlackRock takes to get access to your information is it sends out a false Google Update and requests accessibility privileges. After it is granted these privileges it develops its own autonomy and no longer needs further interaction from the user to operate, it does this through granting itself further permissions afterwards. 

Some abilities BlackRock has, are traditional of trojan attacks, and some are quite problematic. It can collect device information, it can perform overlay attacks, but even more concerning, it can prevent antivirus software and even prevent uninstalling, leading to a longer lifespan than most hacks and more damage being done to your device and more of your information being compromised.

The Network and History of BlackRock Malware

Information from the site ThreatFabric has concluded that BlackRock is based on banking malware known as Xerxes, which itself is a version of Lokibot malware, discovered in 2019. Lokibot is part of an underground network of rented malware which circulated in 2016 and 2017. What really caused it to be a ubiquitous problem is when the source code got leaked. 

Android tried to get out in front of the older malware by pushing their newer devices which, with their new hardware, had a natural adaptation curve for implementing the attacks on the new systems. This, unfortunately, didn’t last long. In 2018, MysteryBot dropped, which was an update on the Xerxes system to work with new Android systems. 

The ancestral history of BlackRock is inundated with Lokibot variants. Parasite was a brief problem, although after disappearing from the malware space, Xeres was the direct parent of BlackRock, with the former appearing in 2019 and now, here in 2020, we have BlackRock.

Top Apps That Have Been Threatened

Numerous applications have suffered the injection and compromise of BlackRock, but the most notable are:

  • Gmail
  • Google Play
  • Netflix
  • Wells Fargo
  • Twitter
  • Instagram
  • Facebook

Many others have been targeted as well, leading to an entire suite of applications being at risk. Millions of users could have been affected and had their financial and contact information now in the hands of hackers, which could be numerous themselves seeing as the above mentioned malware network is vast and diverse.

Implications for Android

Android, being a more open operating system, runs the risk of more of these said attacks if they don’t take a new approach to how they monitor their application base. Two futures exist for android after this latest breach.

One, they stay with the same approach they have now and hope that they can rely on a numbers game, praying that the majority of their apps stay solid with their own individual protection protocols, and hoping the majority of their users stay safe.

The other is they radically change how they monitor their operating system, implementing much more rigorous analysis of their potential apps and making the approval process contain much more scrutiny in their security requirements. 

Either way the future for android will remain risky if they simply ignore the growing underground network of malware. They desperately need to engage in research of this growing corner of the hacking world if they have any hope of maintaining a safe and secure user base.

Get more news, tips and tricks at our blog here.

Working Together, Apart: The Office Guide to Social Distancing

a wooden table with scrabble letters spelling social distancing

As many companies move into the next stage of a phased reopening plan, it’s an exciting time to get the team back together and return to business as usual. In the wake of COVID-19 and the new normal, use our office guide to social distancing to adapt, excel, and succeed together.

AE Technology Group is here to support our business clients in a successful reopening with these key tips on creating social distancing in any office space.

Lean, Mean, and Sparkling Clean

Although our offices may be running at half capacity until we slowly transition into a full workplace, there’s never been a greater need for cleanliness. Think beyond the recycling bin and develop a rotating schedule for disinfecting common areas. Frequently disinfect surfaces such as conference room tables, kitchen spaces, and front desks.

Remember that COVID-19 can survive for 24 hours to three days on hard surfaces! Daily cleaning proactively eliminates viral germs before they have time to spread. Divide tasks between in house staff members, bearing in mind flexible schedules as teams continue to increase hours. 

Consider temporarily removing shared coffee stations, microwaves, and community cupboards. As an alternative, treat your staff to a weekly local business luncheon and offer a coffee perk card instead of the traditional water cooler. Not only is this a great way to show your team how valuable they are, but it’s a responsible strategy for minimizing the spread of COVID-19.

Last but not least, please emphasize that everyone — yes, everyone — must wash their hands. 

Personal Space and the No Contact Bubble

Social distancing in the workplace is a simple matter of making the most of any space available. This may entail rearranging desks and cubicles to allow for the appropriate distancing of 6-feet apart. Considering establishing a sign-up sheet for conference rooms and limiting capacity to under ten individuals. Providing masks is a great idea to protect vulnerable workers, as well as utilizing plexiglass and other barriers to avoid direct peer-to-peer or client contact.

Small businesses may need to think outside the cubicle box and “create space” by employing back-to-back or side-to-side stations rather than front-facing ones whenever possible. Another tactic for reducing the number of people each person has contact with is to divide your staff into teams or partners so that each individual only works with 3-5 other individuals.

Provide hand sanitizer at all workstations and minimize shared devices such as phones by encouraging the use of headsets instead. Consider staggering shifts to avoid a crowd during the opening and closing hours. With a little teamwork, your company can enjoy a seamless reopening while doing your part to protect our staff and our clients.

Viruses: Not Just for People

Once you’ve implemented a germ proof social distancing plan, it’s time to take a look at technology considerations while returning to a new normal. Many staff members will likely still be working remotely for some portion of their workweek. Support your team by ensuring your network is encrypted with a strong firewall and confidential client information is well protected. Discourage the use of personal devices such as laptops, tablets, and phones for work purposes as these are often easily compromised and prone to viruses of the digital kind. Instead, assign laptops to each key member along with a list of available IT resources for training, troubleshooting, and more.

Stay connected with seamless all-in-one communication and project management software. Microsoft Teams is the number one choice for collaboration from conference calls to client meetings. Securely access and share files through SharePoint and OneDrive for added efficiency from home or anywhere in the office.

Technology Etiquette

Lastly, remember to be polite and mindful of your co-workers. With many employees working remotely for some time now, a lot of these behaviors may have slipped.

Need a little extra help migrating to a socially distant workspace?

Our experts are here to help with practical strategies for meeting your business’ technology needs and keeping everyone healthy, happy, and ready to crush that 9 to 5 grind.