Android malware authors targeting more than banking apps now.


Cyber security researchers at ThreatFabric have reported that over 300 applications, many of them non-financial, are being targeted by the BlackRock trojan. BlackRock is derived from the code of the Xerxes banking malware but has a much wider target pool: besides banking apps, it aims to steal data and credentials from social networking, dating and cryptocurrency apps.

When installed, the malware first asks the user to grant it Accessibility Service privileges, presented as permission to 'Observe your actions' and 'Retrieve window content'. With that access it can click through the remaining permission prompts on the user's behalf, and once enrolled it accepts the following commands from its command-and-control (C2) server:

Command              Description
-------------------  ----------------------------------------------------------------------------
Send_SMS             Sends an SMS
Flood_SMS            Sends an SMS to a specific number every 5 seconds
Download_SMS         Sends a copy of SMS messages to the C2
Spam_on_contacts     Sends an SMS to each of the contacts present on the infected device
Change_SMS_Manager   Sets the malware as the default SMS manager (repeated every 30 seconds until achieved)
Run_App              Starts a specific app on the bot
StartKeyLogs         Logs text content shown on screen by targeted apps and sends it to the C2
StopKeyLogs          Stops logging the accessibility events from targeted apps
StartPush            Sends a copy of the content of all notifications to the C2
StopPush             Stops sending a copy of the content of all notifications to the C2
Hide_Screen_Lock     Keeps the device on the HOME screen
Unlock_Hide_Screen   Releases the device from the HOME screen
Admin                Makes the bot request device admin privileges
Profile              Adds a managed admin profile for the malware on the device
Start_clean_Push     Dismisses (hides) all push notifications
Stop_clean_Push      Stops dismissing push notifications

BlackRock embeds the following set of features, allowing it to remain under the radar and successfully harvest personal information:

  • Overlaying: Dynamic (Local injects obtained from C2)
  • Keylogging
  • SMS harvesting: SMS listing
  • SMS harvesting: SMS forwarding
  • Device info collection
  • SMS: Sending
  • Remote actions: Screen-locking
  • Self-protection: Hiding the App icon
  • Self-protection: Preventing removal
  • Notifications collection
  • Grant permissions
  • AV detection
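The accessibility grab described above and the feature list are what an analyst can look for statically: the capability combination (accessibility service, device admin, notification listener, default-SMS handler, overlay and SMS permissions) is visible in a decoded AndroidManifest.xml before the app ever runs. The script below is an added triage heuristic, not ThreatFabric's tooling or code from the malware. The Android permission and intent names are real; the two sample manifests, the package names and the scoring weights are constructed for this example. Icon hiding and the overlay injects themselves happen at runtime and do not show up in the manifest, which is why the check scores a combination rather than any single item.

```python
# Added example: manifest triage for the BlackRock-style capability profile.
# Not ThreatFabric's or the malware's code; sample manifests, package names
# and weights are constructed. Run against a manifest decoded with apktool.
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
A_NAME = "{%s}name" % ANDROID_NS
A_PERMISSION = "{%s}permission" % ANDROID_NS

# Privileged components are recognised by the signature permission the system
# requires them to be protected with (service or receiver element).
COMPONENT_PERMISSIONS = {
    "android.permission.BIND_ACCESSIBILITY_SERVICE": "accessibility_service",
    "android.permission.BIND_NOTIFICATION_LISTENER_SERVICE": "notification_listener",
    "android.permission.BIND_DEVICE_ADMIN": "device_admin",
}
USES_PERMISSIONS = {
    "android.permission.SYSTEM_ALERT_WINDOW": "overlay",
    "android.permission.SEND_SMS": "sms_send",
    "android.permission.RECEIVE_SMS": "sms_receive",
    "android.permission.READ_SMS": "sms_read",
    "android.permission.READ_CONTACTS": "contacts",
}
# Weights are our choice: accessibility is the pivot that lets the bot grant
# itself everything else, so it dominates the score.
WEIGHTS = {
    "accessibility_service": 4, "device_admin": 2, "notification_listener": 2,
    "sms_default_handler": 2, "overlay": 2, "sms_send": 1, "sms_receive": 1,
    "sms_read": 1, "contacts": 1,
}
FLAG_THRESHOLD = 8


def manifest_capabilities(manifest_xml: str) -> set:
    """Extract the capability set a decoded AndroidManifest.xml declares."""
    root = ET.fromstring(manifest_xml)
    caps = set()
    for node in root.iter("uses-permission"):
        cap = USES_PERMISSIONS.get(node.get(A_NAME))
        if cap:
            caps.add(cap)
    for tag in ("service", "receiver"):
        for node in root.iter(tag):
            cap = COMPONENT_PERMISSIONS.get(node.get(A_PERMISSION))
            if cap:
                caps.add(cap)
    # Becoming the default SMS app (Change_SMS_Manager) needs a component that
    # handles SMS_DELIVER; the user must still confirm a dialog, which is
    # exactly what the accessibility service is used to click through.
    for node in root.iter("action"):
        if node.get(A_NAME) == "android.provider.Telephony.SMS_DELIVER":
            caps.add("sms_default_handler")
    return caps


def triage(manifest_xml: str):
    """Return (score, sorted capability list, flagged) for one manifest."""
    caps = manifest_capabilities(manifest_xml)
    score = sum(WEIGHTS[c] for c in caps)
    # Require the accessibility pivot: a legitimate SMS app or launcher can
    # declare several of the others, and this is triage, not a verdict.
    flagged = "accessibility_service" in caps and score >= FLAG_THRESHOLD
    return score, sorted(caps), flagged


# Constructed sample with the capability profile described in the article.
SUSPICIOUS_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.flashplayer.update">
  <uses-permission android:name="android.permission.SYSTEM_ALERT_WINDOW"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <application android:label="Flash Player">
    <service android:name=".AccService"
        android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE">
      <intent-filter>
        <action android:name="android.accessibilityservice.AccessibilityService"/>
      </intent-filter>
    </service>
    <service android:name=".NotifService"
        android:permission="android.permission.BIND_NOTIFICATION_LISTENER_SERVICE"/>
    <receiver android:name=".AdminReceiver"
        android:permission="android.permission.BIND_DEVICE_ADMIN"/>
    <receiver android:name=".SmsReceiver"
        android:permission="android.permission.BROADCAST_SMS">
      <intent-filter>
        <action android:name="android.provider.Telephony.SMS_DELIVER"/>
      </intent-filter>
    </receiver>
  </application>
</manifest>"""

# Constructed benign sample: a single-purpose app with one permission.
BENIGN_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.torch">
  <uses-permission android:name="android.permission.CAMERA"/>
  <application android:label="Torch">
    <activity android:name=".MainActivity"/>
  </application>
</manifest>"""

if __name__ == "__main__":
    for label, xml in (("suspicious", SUSPICIOUS_MANIFEST), ("benign", BENIGN_MANIFEST)):
        score, caps, flagged = triage(xml)
        print(f"{label}: score={score} flagged={flagged} caps={caps}")
```

Feed it the AndroidManifest.xml that apktool writes out for a sample; a hit means the app asks for the same toolkit the article lists, which justifies dynamic analysis, not that the app is BlackRock.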

ThreatFabric summarises:
"we can expect that financially motivated threat actors will build new banking Trojans and continue improving the existing ones. With the changes that we expect to be made to mobile banking Trojans, the line between banking malware and spyware becomes thinner, banking malware will pose a threat for more organizations and their infrastructure"
