BlackRock abuses the Accessibility Service to check which application is running in the foreground. Like the Ginp Android banking Trojan, BlackRock has two types of overlay screens: one is a generic card grabber view, and the other is a credential phishing overlay specific to each targeted application. Both target lists are in the appendix of the blog.
The following code snippet shows how the overlay WebView is created:
As shown in the last code snippet, the URL of the overlay points to local files instead of a web location. This may be a feature inherited from Xerxes, which downloads an archive containing the targets' overlay files onto the infected device.