A sneaky new Android malware called BlackRock can steal data from over 300 Android apps.

Security Researchers ThreatFabric first learned about this banking trojan back in May.

This malware tricks you into thinking you’re logging into your bank account. It steals your username, password, banking information, and your money.

BlackRock uses a technique called an overlay. When the malware detects you using a legitimate app, it creates its own fake version of the log in screen for the app to trick you into entering your information.

Here’s an example of a bank app overlay provided by ThreatFabric.

This malware gets on to your phone disguised as a fake Google Update package. It then tricks you into authorizing permissions.

500

You won’t be able to find the app on your phone because it makes itself invisible. Just take a look at some of the permissions it grants itself on your phone:

  • Send test messages
  • Send text message to a number every 5 seconds
  • Send copies of text messages
  • Start apps
  • Log all text shown on your screen

Among the hundreds of apps targeted by this malware are:

  • PayPal Mobile Cash
  • Yahoo Mail
  • Microsoft Outlook
  • Gmail
  • Google Play
  • Uber
  • Ebay
  • Amazon
  • Bitcoin
  • Cash App
  • Bank of Scotland
  • Westpac Mobile Banking
  • Speedway Fuel
  • HSBC Mobile Banking

How to avoid it? Don’t just download apps that are suggested by pop-up online. Stick to the official Google Play store. As always, keep a close eye on all of your accounts and make sure you enable two-factor authentication.