
Copyright © 2020 Zimperium All Rights Reserved | Privacy Policy


Your mobile app user first installs a utility app containing connections to the BlackRock malware server. These apps are often handy currency conversion, stock information, or trading apps. (The BlackRock malware itself is not yet present on the device, so the app evades detection by Google Play.)

THREAT ADVISORY: BlackRock Malware


With Zimperium, we finally have a tool to pinpoint mobile banking fraud attributable to compromised devices.

 VP Mobile Security

 Global Financial Services Company

We needed to rebuild and relaunch our apps quickly and efficiently. Zimperium provided a one-stop-shop approach to identifying security, privacy and compliance risks during app development and protecting/monitoring apps from attacks while in use.

SVP of Application Development

 North American Bank

Days later, the malicious utility app updates itself to deliver the BlackRock malware files to your user's device.


What Our Clients Are Saying

Allows banks to assess users' device risk for every single mobile banking session in real-time.


Global Financial Services Provider

Zimperium easily integrates into your mobile application development lifecycle:

Once installed, the malware then launches and hides from the user so as not to cause concern.

Complete the form to watch the Zimperium research and security teams explain the malware, how it works, who is targeted, and actions you can take to detect and remediate this and other advanced threats to your mobile apps.

BlackRock malware specifically targets 337 mobile apps to steal credit card information and banking account credentials.

How BlackRock Steals Data




The malware then gains access to the device's Accessibility Service by tricking your user into clicking on and agreeing to a fake Google update. This phony update allows the malware to gain more privileges on your user's device.



BlackRock then automatically grants itself additional permissions after receiving the requested Accessibility Service privilege and communicates with its command and control server.


BlackRock then abuses the Accessibility Service privilege (granted by your user) to display a malicious overlay screen that exactly mimics your app's login screen. Your users cannot detect this fake overlay screen on top of your app running in the foreground. Your user will unknowingly provide their banking login credentials or credit card information directly to the attackers. The malware also contains functions to capture incoming SMS messages to record second-factor authentication information.

Captured credit card numbers and account credentials can be used for fraudulent payments and transfers, or sold on the black market.
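
For defenders, the combination described in the steps above (an app with an enabled Accessibility Service that can also read incoming SMS and hides from the user) can be checked against a device snapshot. The Python below is an added example, not Zimperium's code or detection logic: the function names, allowlist and sample values are constructed, "hides from the user" is approximated as "has no launcher icon", and the input string is assumed to be the value of Android's enabled_accessibility_services secure setting.

```python
SMS_PERMS = {"android.permission.RECEIVE_SMS", "android.permission.READ_SMS"}

def parse_enabled_services(setting_value):
    """Split the colon-separated 'package/class' list into (package, class) pairs."""
    services = []
    for entry in (setting_value or "").split(":"):
        entry = entry.strip()
        if not entry or entry == "null" or "/" not in entry:
            continue  # empty setting, literal "null", or malformed entry
        package, cls = entry.split("/", 1)
        if cls.startswith("."):  # shorthand: class name relative to the package
            cls = package + cls
        services.append((package, cls))
    return services

def triage(setting_value, granted_perms, launcher_packages, allowlist):
    """Return non-allowlisted accessibility services, highest-risk first."""
    findings = []
    for package, cls in parse_enabled_services(setting_value):
        if package in allowlist:
            continue
        reasons = ["accessibility service enabled: " + cls]
        sms = sorted(SMS_PERMS & set(granted_perms.get(package, ())))
        if sms:  # could capture SMS second-factor codes
            reasons.append("can read incoming SMS: " + ", ".join(sms))
        if package not in launcher_packages:  # assumption: proxy for "hides from the user"
            reasons.append("no launcher icon")
        findings.append({"package": package, "score": len(reasons), "reasons": reasons})
    return sorted(findings, key=lambda f: -f["score"])

# Constructed sample snapshot (com.example.fxrates is a made-up package name).
SETTING = ("com.google.android.marvin.talkback/.TalkBackService:"
           "com.example.fxrates/com.example.fxrates.UpdateService")
PERMS = {"com.example.fxrates": ["android.permission.RECEIVE_SMS",
                                 "android.permission.INTERNET"]}
LAUNCHER = {"com.google.android.marvin.talkback"}
ALLOW = {"com.google.android.marvin.talkback"}

if __name__ == "__main__":
    for finding in triage(SETTING, PERMS, LAUNCHER, ALLOW):
        print(finding["score"], finding["package"], finding["reasons"])
```

A score of 3 means all three signals from the advisory are present for one package; the allowlist should contain only the accessibility services your organization expects to see.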