Researchers have discovered a new variant of the LokiBot trojan called BlackRock, that’s attacking not just financial and banking apps, but also a massive list of well-known and commonly used brand-name apps on Android devices.
The apps targeted include: Amazon, eBay, Facebook, Grinder, Instagram, Netflix, PlayStation, Reddit, Skype, Snapchat, TikTok, Tinder, Tumblr, Twitter and VK, among many others, researchers said.
The malware, which ThreatFabric discovered in May, is derived from the source code of the Xerxes banking malware, which itself is a variant of LokiBot, researchers said in
report posted online Thursday. The threat actor behind Xerxes made the source code to that malware public in 2019, a type of event that typically sets off a chain reaction of malware variants, researchers noted.
BlackRock is on one level a normal banking trojan, targeting banking and different crypto apps across various countries on at least five continents, including the United States, Japan, United Kingdom, Australia, France, Canada and Malaysia.
