The malware is apparently installed primarily via fake Google updates that are offered outside the Google Play Store. During installation, the app requests access rights for the Android accessibility; if these are granted, the malware silently grants additional authorizations. At the same time, it ensures that it disappears from the overview of the installed apps in order not to be tracked down at all.

It becomes critical for the user when he then starts one of the affected apps – instead of the menu from Facebook and Co., the user is then shown a fake interface that, when confirmed, picks up user data before the real app is started. Although BlackRock apparently only comes to user smartphones via fake updates from third-party providers, Threat-Fabric warns that the criminals could also make it to the official Play Store.

As the researchers found, the malware on the user devices can do some damage: BlackRock sends text messages in bulk to countless other users, starts certain apps or push messages without being asked, and can manipulate antivirus apps so that they no longer work.

The malware has apparently not yet ended up in the Google Play Store; however, ZDNet assumes that this will change sooner or later. In order to protect yourself as well as possible from dangers to your smartphone, you should only ever install apps from trustworthy sources; Furthermore, the installation of a smartphone virus scanner can help to detect dangerous malware at an early stage.