Fake Google Android update steals your data

We live in a world where people go to great lengths to steal your data. There are many reasons for this such as stealing your identity and attempting to empty your bank accounts.

Over the years we have got more savvy when it comes to spotting this type of activity. However, this means the bad guys creating the software to steal your data are also getting smarter.

This latest threat, which was uncovered by security firm ThreatFabric is worrying. This is because it appears to be a lot smarter than malware we’ve seen previously. So let’s take a look at the threat and how you can keep safe and secure online.


This particular Malware is known as Blackrock and is disguised as a Google Android update. Anyone who uses the software will assume they are simply updating to the latest Android version.

However, you are simply installing the Malware onto your device so it can steal your data. Once installed the app icon disappears, so you’ll not be aware this software exists on your Android device.

Also, it’s been reported most anti-virus software is unable to detect the issue. This is because it simply takes you back to your home screen when you run your anti-virus scan software.


Once the malware is installed on your device it’s capable of stealing your username and passwords from over 377 apps. These apps include things like Netflix, Amazon, Paypal and Facebook.

Even more worrying is that it can also steal your username and password for Gmail. If Malware gets access to your Gmail account; this essentially means they could take control of your emails and all your personal information.

If you use an Android phone or Chromebook for all of your computing needs. This means hackers could take control of your entire account. This is one of the reasons why you need to ensure you setup a recovery option for your Google account.

As with most malware you’ll be unaware of the permissions it has granted itself. This allows it to easily steal usernames, passwords and even credit card details you’ve got stored with different online companies.


The good news is that Blackrock has not yet been identified on the Play Store. This means the people infected by this malware have gone looking for Android updates from third party suppliers.

This is a huge risk and is something I would never recommend doing. A website can look very convincing and can easily convince you that you’re in fact installing a genuine Google Android update.

To stay safe keep well away from third party websites that allow you to install Android Apps. It’s always best to only install Android apps from the play store. These apps are checked regularly, so any potential threats are removed as soon as they are found.

You should only install apps from companies you know. Even when downloading apps from the Play Store. If you’re downloading apps from unrecognised sources. Always read the reviews and comments from other people first.