Overlay attack. BlackRock abuses the Accessibility Service to check which application is running in the foreground.

BlackRock abuses the Accessibility Service to check which application is running in the foreground. Just like the Ginp Android banking Trojan, BlackRock has 2 types of overlay screens: one is a generic card grabber view, and the other is specific to each targeted application (a credential phishing overlay). Both target lists are located in the appendix of the blog.

The following code snippet shows how the overlay WebView is created:

As shown in the last code snippet, the address of the overlay points to local files instead of an internet location. This is a feature inherited from Xerxes, which downloads an archive with all the targets' overlay files onto the infected device.