CATEGORIES
home News

Black Rose Lucy Malware Returns As Sneaky Ransomware Aimed At Android Devices

by Shane McGlaunWednesday, April 29, 2020, 02:11 PM EDT
lucy ransomware

Ransomware is a global problem that can strike individual, organizations, and even health institutions to disastrous results. It demands that the user send money, typically in the form of cryptocurrency to the attackers to have their devices and files unlocked. An old ransomware threat called Black Rose Lucy that was initially discovered in September 2018 is now making a resurgence.

Black Rose Lucy is a malware-as-a-service botnet for Android devices where it can take control of the victim's devices to make changes and install new malicious applications. When the Lucy malware is downloaded, it encrypts files on the infected device and displays a ransom note in the browser window claiming to be an official message from the FBI.

The ransom note accuses the victim of possessing pornographic images on the device and states that the user's details have been uploaded to the FBI Cyber Crime Department's Data Center. The warning message also includes a list of offenses the user is accused of committing. The ransom demand instructs the user to pay a $500 fine. Interestingly, rather than trying to get the user to pay using the more common cryptocurrency, Lucy asks the victim to provide credit card information.

Check Point researchers say that they have discovered more than 80 samples distributed mainly via social media links, and IM messages associated with the new and active Lucy variant. Android has protections that require users to carry out manual configuration to enable an application to have device administrator privileges. However, the Android accessibility service can automate user interactions with the device and could be used by malware to get around those security restrictions. Lucy specifically uses a sneaky method of getting inside the Android device to block defense mechanisms.

lucy back malware popup

Lucy displays a message that asks the user to enable SVO or Streaming Video Optimization. When the user clicks OK, it's granting the malware permission to use the accessibility service. That permission allows Black Rose Lucy to begin its attack on the user device. The researchers say that samples of Lucy they acquired were disguising themselves as seemingly harmless video player applications. 

Ransomware can have real-world implications. In the healthcare industry, researchers linked a rise in heart attack fatalities to ransomware infections of hospital computer systems.

Tags:  Android, Malware, security, Ransomware
TOP CONVERSATIONS
Your Next PC Platform?
More Results
KEEP INFORMED
SITE

Home

Reviews

News

Blogs

Full Site

Sitemap

CATEGORIES

PC Components

Systems

Mobile

IT Infrastructure

Leisure

Videos

COMPANY

About

Advertise

News Tips

Contact

Privacy And Terms

HotTech

MORE

Accessibility

Shop

STAY CONNECTED

Twitter

Facebook

YouTube

RSS

As an Amazon and Howl Technologies Associate, HotHardware earns a commission from qualifying purchases made on this site. This site is intended for informational and entertainment purposes only. The contents are the views and opinion of the author and/or his associates. All products and trademarks are the property of their respective owners. Reproduction in whole or in part, in any form or medium, without express written permission of Hot Hardware, Inc. is prohibited. All content and graphical elements are Copyright © 1999 - 2024 David Altavilla and Hot Hardware, Inc.
All rights reserved. Privacy and Terms - Accessibility Commitment