LokiBot Redux Attacks Massive List of Common Android Apps

Researchers have discovered a new variant of the LokiBot trojan called BlackRock, that’s attacking not just financial and banking apps, but also a massive list of well-known and commonly used brand-name apps on Android devices.

The apps targeted include:  Amazon, eBay, Facebook, Grinder, Instagram, Netflix, PlayStation, Reddit, Skype, Snapchat, TikTok, Tinder,  Tumblr, Twitter, Uber and VK, among many others, researchers said.

The malware, which ThreatFabric discovered in May, is derived from the source code of the Xerxes banking malware, which itself is a variant of LokiBot, researchers said in report posted online Thursday. The threat actor behind Xerxes made the source code to that malware public in 2019, a type of event that typically sets off a chain reaction of malware variants, researchers noted.

Read more…
Source: ThreatPost