
Evolved Android malware Black Rose Lucy now holds smartphones ransom

By Liu Hongzuo - on 29 Apr 2020, 11:36am

Source: Check Point Research.

It's rarely a good thing when an ex-flame comes back into your life. Enter Black Rose Lucy: the Russian Malware-as-a-Service (MaaS) botnet and dropper that collected device data has now returned with new ransoming capabilities, effectively turning it into a brand-new piece of ransomware.

First discovered in September 2018 by Check Point Research, the Black Rose Lucy malware controlled a botnet of victimised Android OS devices to send out additional payloads of itself while it collected device information. The original iteration of Black Rose Lucy continuously prompted the user to enable accessibility services for the malware through trickery and false notifications.

Using Android's accessibility services, it can mimic on-screen clicking to carry out malicious activities - such as granting itself administrative privileges by 'tapping' its way in and ignoring battery optimisation kill commands to keep Black Rose Lucy active.

If you thought that was terrible news, Black Rose Lucy is now back and 'changed', but not necessarily for the better. Today's update by Check Point Research found that the malicious script now hosts additional features, such as its ransomware component, the ability to take control of the victim's devices, and the capability to install other malicious applications.

The ransom note Black Rose Lucy uses. Source: Check Point Research.

The upgraded malware is usually distributed via social media and instant messaging apps through URLs. Black Rose Lucy now encrypts the files on the infected Android OS device, displaying a ransom note that asks the user to pay a US$500 fine by providing their credit card information.

Like its earlier variant, the new Black Rose Lucy relies on Android accessibility services to run its gamut of malicious activities, and it tricks users by pretending to be a harmless video playback app. Besides gaining control over the smartphone or mobile device, the malware also encrypts the gadget's data files, effectively holding it ransom until the fee is paid.

The encryption/decryption function on the new version of Black Rose Lucy malware. Source: Check Point Research.

For a technical understanding of how the new Black Rose Lucy works, you can check the researchers' notes uploaded to their blog here. To learn more about the history and evolution of ransomware, you can check out an old feature we had here.

Source: Check Point Research (blog)