"New BlackRock Android Malware Can Steal Passwords And Card Data From 337 Apps"

Researchers at ThreatFabric have discovered A new Android malware strain called BlackRock.  BlackRock works like most Android banking trojans, except it targets more applications than most of its predecessors.  BlackRock can target 337 Android applications.  The trojan will steal the user's login credentials (username and passwords), and where available, will prompt the victim to enter payment card details if the application supports financial transactions.  The trojan can also intercept SMS messages, perform SMS floods, spam contacts with predefined SMS, start specific apps, log key taps, show custom push notifications, and sabotage mobile antivirus apps.  Once installed, the malicious app will ask the user to grant it access to the phone's Accessibility feature.  BlackRock uses the Accessibility feature to grant itself access to other Android permissions and then uses an Android DPC to give itself admin access to the device.  

ZDNet reports: "New BlackRock Android Malware Can Steal Passwords And Card Data From 337 Apps"