Android smartphone users have been warned about a fake Google update that could steal your personal data.
Researchers from ThreatFabric said the update – known as BlackRock – targeted 337 apps, including Tinder and Netflix.
They said its targets included social, networking, communication and dating, the Mirror reports.
Users are being advised to check their phone update is from Google before they grant access to any of their information.
In a blog about the findings, the researchers said: “One of the interesting differentiators of BlackRock is its target list; it contains an important number of social, networking, communication and dating applications.
“So far, many of those applications haven’t been observed in target lists for other existing banking Trojans.
“It therefore seems that the actors behind BlackRock are trying to abuse the grow in online socialising that increased rapidly in the last months due to the pandemic situation.”
The malware, dubbed BlackRock, starts by hiding its icon from the app drawer, making it invisible to the user.
It then poses as a fake Google update, and requests access to your apps.
If you grant this request, the malware can access your personal data within those apps, including your messages.
The researchers explained: “Once the user grants the requested Accessibility Service privilege, BlackRock starts by granting itself additional permissions.
“Those additional permissions are required for the bot to fully function without having to interact any further with the victim.
“When done, the bot is functional and ready to receive commands from the C2 server and perform the overlay attacks.”
How to keep your personal information safe
Check if an update is from Google by opening Settings > System > System Updates. Tap on Check for Updates to see if you have something new.
Jake Moore, Cyber security specialist at internet security company ESET, said: “This malware is particularly well made and can easily camouflage itself as a genuine app and do some damaging spy work in the background.
“It is vital you know what apps you are downloading by checking reviews and only using trusted app stores to avoid unknowingly downloading something more illicit.
“Once on your device this malware can copy every single keystroke you type so if this includes your passwords or security answers, they will be stolen instantly without your knowledge.
“One way to protect yourself from keyloggers is to use a password manager so when you need to place any sensitive information in the corresponding fields, you simply copy and paste them in from the manager resulting in the keylogger only logging that you used the clipboard copy and paste function rather than capturing your private credentials.”