
Rewterz Threat Alert – From LokiBot to Xerxes to BlackRock banking Trojan

July 21, 2020

Severity

High

Analysis Summary

Researchers report on a banking Trojan, dubbed "BlackRock", that appears to be a derivative of Xerxes and LokiBot. The source code for Xerxes has been publicly available since around May 2019. One change in the source code used to create BlackRock is the list of targets: the additions include social media, networking, communication, and dating apps. After installation on an Android device, BlackRock first hides its icon from the app drawer so that it is not visible to the user. It then asks for additional privileges, namely access to the Accessibility Service, which is a known pathway to gaining further privileges on Android. Once the user grants this privilege, BlackRock grants additional privileges to itself so that no further user interaction is required. It then waits for instructions from its command and control server. Should the user attempt to open any of a number of Android anti-virus applications, it locks the user to the device's home screen. Capabilities available to BlackRock include overlay attacks, stealing SMS messages, hiding notifications, and keylogging.

LokiBot malware family

Impact

  • Keylogging
  • Information theft
  • Locks users out of the device

Indicators of Compromise

SHA-256

  • 51f9c37c3eec0b6f8325aa1c8fe64a0615ab920584042df557426473b1270b40
  • 6fa4baef8a811f429cee4b383d7a4776b7b363b62551c8d8e0f93bad33adefbd
  • 7d34aaf84754fb247507681bcd821f9533f24c6d78aa6779a11f4d789d4822ee
  • 81fda9ff99aec1b6f7b328652e330d304fb18ee74e0dbd0b759acb24e7523d8c
  • fbaf785edfafa583ea61884d88f507a27154892a394e27d81102f79fe7eb5b8f

Remediation

  • Block all threat indicators at your respective controls.
  • Search for IOCs in your environment.
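One way to carry out the IoC search above is a SHA-256 sweep of collected APKs or file shares against the advisory's hash list. The script below is an added example, not Rewterz's own tooling; the directory layout and the sample files in `self_check()` are constructed for the demonstration.

```python
import hashlib
import os
import tempfile

# SHA-256 indicators published in this advisory (hex, lower-case).
BLACKROCK_SHA256 = {
    "51f9c37c3eec0b6f8325aa1c8fe64a0615ab920584042df557426473b1270b40",
    "6fa4baef8a811f429cee4b383d7a4776b7b363b62551c8d8e0f93bad33adefbd",
    "7d34aaf84754fb247507681bcd821f9533f24c6d78aa6779a11f4d789d4822ee",
    "81fda9ff99aec1b6f7b328652e330d304fb18ee74e0dbd0b759acb24e7523d8c",
    "fbaf785edfafa583ea61884d88f507a27154892a394e27d81102f79fe7eb5b8f",
}

def normalize_indicators(indicators):
    """Lower-case, strip whitespace, and drop anything that is not a 64-hex SHA-256."""
    out = set()
    for item in indicators:
        h = item.strip().lower()
        if len(h) == 64 and all(c in "0123456789abcdef" for c in h):
            out.add(h)
    return out

def sha256_file(path, chunk=1 << 20):
    """Stream the file so large APKs/archives do not have to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()

def scan_tree(root, indicators):
    """Return {path: digest} for every regular file under root whose SHA-256 is an indicator."""
    wanted = normalize_indicators(indicators)
    hits = {}
    for dirpath, _, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                digest = sha256_file(path)
            except OSError:
                continue  # unreadable file: skip it rather than abort the whole sweep
            if digest in wanted:
                hits[path] = digest
    return hits

def self_check():
    """Constructed sanity run: one file whose hash is added to the watch list, one benign file."""
    with tempfile.TemporaryDirectory() as tmp:
        marker = b"constructed sample file, not malware\n"
        marker_hash = hashlib.sha256(marker).hexdigest()
        with open(os.path.join(tmp, "sample.apk"), "wb") as f:
            f.write(marker)
        with open(os.path.join(tmp, "readme.txt"), "wb") as f:
            f.write(b"benign content\n")
        hits = scan_tree(tmp, BLACKROCK_SHA256 | {marker_hash.upper()})
        return {"hit_count": len(hits), "hit_digest": next(iter(hits.values()), None), "marker": marker_hash}

if __name__ == "__main__":
    print(self_check())
```

Point `scan_tree()` at an MDM export directory or a file share to check real files; the upper-case marker hash in `self_check()` shows that indicator case differences do not cause misses.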