A new strain of banking malware dubbed BlackRock has been detected by researchers at Threat Fabric.

An investigation into its origins has revealed BlackRock to be derived from the Xerxes banking malware. Xerxes was in turn spawned out of the LokiBot Android banking Trojan, first detected around four years ago.

The source code of the Xerxes malware was made public by its author around May 2019, making it possible for any threat actor to get their hands on it. Despite the code’s availability, researchers found that the only Android banking Trojan based on Xerxes’ source code that is currently operating appears to be BlackRock.

This malevolent malware steals credentials not only from banking apps but also from other apps designed to facilitate communication, shopping and business. In total, the team found 337 Android apps were impacted, including dating, social networking and cryptocurrency apps.

By throwing their nefarious campaign net so wide, researchers believe the malware’s creators are attempting to exploit the increase in online socializing brought about by the outbreak of COVID-19.

“Technical aspects aside, one of the interesting differentiators of BlackRock is its target list; it contains an important number of social, networking, communication and dating applications,” noted researchers.

“So far, many of those applications haven’t been observed in target lists for other existing banking Trojans. It therefore seems that the actors behind BlackRock are trying to abuse the growth in online socializing that increased rapidly in the last months due to the pandemic situation.”

BlackRock was first spotted back in May 2020. When the malware is launched on a device for the first time, its icon is hidden from the app drawer, making it invisible to the end user. The malware then asks the victim for the Accessibility Service privileges, often posing as a Google update.

Once the user grants the request, BlackRock starts granting itself the additional permissions required for the bot to fully function without having to interact any further with the victim. When done, the bot is functional and ready to receive commands from the C2 server and perform the overlay attacks.

“Unfortunately, this malware is particularly sophisticated and can camouflage itself as a genuine app to do some damaging spy work in the background,” commented ESET cybersecurity specialist Jake Moore.

“It is vital that users know what apps they are downloading, or they may risk unknowingly downloading something illicit.”

Nearly half (43%) of UK and US employees have made errors leading to cybersecurity repercussions, according to a new study from Tessian. The analysis, undertaken in April during the height of the COVID-19 pandemic, suggests that the disruption and additional stress and distractions of remote working are making organizations more vulnerable to cyber-attacks facilitated by human error.

In the survey of 1000 workers in the UK and 1000 workers in the US, a quarter admitted to clicking on a link in a phishing email whilst at work. This most commonly occurred in the technology sector (47%).

Additionally, 20% of companies revealed they have lost customers due to sending an email to the wrong person. This was a mistake 58% of employees admitted to making and a further 10% said they had lost their job as a result.

Distraction was the biggest cause for these kinds of mistakes, according to the report. Nearly half (47%) highlighted being distracted as the main reason for falling for a phishing scam while 41% said this was the biggest factor in sending an email to the wrong person.

Other major reasons for clicking on phishing links were fatigue (44%) the perceived legitimacy of the email (43%) and because the emails purportedly came from a senior executive (41%) or well known brand (41%).

Over half of workers (52%) added that they make more mistakes at work when stressed, 43% when tired and 41% when distracted. Notably, 57% of workers stated they are more distracted when working from home.

With home working set to become much more common following the health crisis, the report suggests businesses need to focus on providing more extensive user awareness training.

Tim Sadler, CEO and co-founder of Tessian, commented: “To prevent simple mistakes from turning into serious security incidents, businesses must prioritize cybersecurity at the human layer. This requires understanding individual employees’ behaviors and using that insight to tailor training and policies to make safe cybersecurity practices truly resonate for each person.”

UK Prime Minister Boris Johnson has ordered Huawei equipment to be removed completely from Britain’s 5G network by 2027.

After the Chinese company had been previously approved to run the UK’s 5G network on a limited basis, the UK’s National Security Council has decided to ban the purchase of 5G components from the end of this year, and ordered the removal of all existing Huawei technology from the 5G network by 2027.

According to Reuters, the National Cyber Security Center (NCSC) told ministers it could no longer guarantee the stable supply of Huawei gear after the United States imposed new sanctions on chip technology.

“This has not been an easy decision, but it is the right one for the UK telecoms networks, for our national security and our economy, both now and indeed in the long run,” Digital, Culture, Media and Sport (DCMS) secretary Oliver Dowden told parliament. “By the time of the next election, we will have implemented, in law, an irreversible path for the complete removal of Huawei equipment from our 5G networks.”

Dowden said the decision was made after the US imposed sanctions in May, which forced Huawei to use its own microchips and the NCSC advised ministers that they could no longer guarantee that the risk would be reduced.

The NCSC said Huawei have zero access alternatives which the UK has sufficient confidence in, and new restrictions make it “impossible to continue to guarantee the security of Huawei equipment in the future,” according to ITV News.

US President Donald Trump has repeatedly voiced caution over the use of Huawei technology, calling it an “agent of the Chinese Communist state,” and requested the UK follow his lead.

Huawei’s technology is used in multiple mobile networks, including BT’s EE mobile network, and by Vodafone and Three for 4G and 5G capabilities. The government also wants operators to “transition away” from purchasing new Huawei equipment for use in the full-fiber network, with Dowden saying he expected this to happen within two years, according to the BBC.

Shortly before the announcement, Sky News revealed that Lord Browne, Huawei’s UK chairman and the ex-chief executive of BP, would be leaving the Chinese company before his term had expired. It said he had given his notice a few days ago and would formally step down in September.

In a statement, Huawei called the decision “disappointing” and “bad news for anyone in the UK with a mobile phone.”

The statement claimed the decision will move Britain into the digital slow lane, push up bills and deepen the digital divide. “Instead of ‘levelling up’ the government is levelling down and we urge them to reconsider,” it said.

“We remain confident that the new US restrictions would not have affected the resilience or security of the products we supply to the UK.”

Huawei said its future in the UK has become politicized and it will conduct a detailed review of what today’s announcement means for its business in the UK, “and will work with the UK government to explain how we can continue to contribute to a better connected Britain.”

Michael Downs, director of telecom security at Positive Technologies, said: “The ongoing tug of war within the UK on Huawei’s involvement in its 5G networks has come to an end. Although the government isn’t stripping Huawei’s equipment straight away, the phased approach will have a marked effect on the telecoms industry, potentially costing billions because a lot of the major UK operators such as BT and Vodafone are already using its equipment not just for 5G but previous generation networks as well.

“Long term, the decision to exclude Huawei cannot be solved with a solution as idealistically simple as just swapping it for an alternative vendor immediately. There is also the additional cost of delaying deployments, as companies have already gone through the process of testing 5G equipment from Huawei.

“This whole process – including testing – will have to be started all over again. This will mean a more expensive network for the UK and a delay that could result in its national infrastructure being inferior compared to other countries.”

Andrew Glover, chair of the ISPA, added: “The Government’s 5G announcement today provides some welcome clarity to our members who are rolling out networks and providing broadband to consumers and businesses across the UK. We look forward to further consultation with Government to determine the policy for fixed networks with a clear focus on ensuring that our members can roll out new gigabit-capable networks at pace.

“As the Secretary of State emphasized today, supply chain interventions have a direct impact on the speed at which networks can be rolled out, so any new restrictions need to be counter-balanced with an appropriate level of support for the sector.

“The Government has rightly made upgrading our digital communications infrastructure a priority, we now need to see a clear, ambitious plan from policymakers to help the companies that are leading this charge.”

In a statement, BT said full compliance with these revised proposals would require additional activity, both in removing and replacing Huawei equipment from BT’s existing mobile network, and in excluding Huawei from the 5G network that BT continues to build. BT said that these costs can be absorbed within BT’s initial estimated implementation cost of £500m.

BT chief executive, Philip Jansen, said: “The security of our networks is an absolute priority for BT. Clearly this decision has logistical and cost implications for communications providers in the UK market – however, we believe the timescales outlined will allow us to make these changes without impacting on the coverage or resilience of our existing networks. It will also allow us to continue to deliver our 5G and full fibre networks without a significant impact on the timescales we’ve previously announced.

“Whilst we have provided our initial view on the estimated impact today, we will continue to evaluate the details of this decision thoroughly.”