Evolved Android malware Black Rose Lucy now holds smartphones ransom
By
Evolved Android malware Black Rose Lucy now holds smartphones ransom
It's rarely a good thing when an ex-flame comes back into your life. Enter Black Rose Lucy, a Russian Malware-as-a-Service (MaaS) botnet and a dropper that collected device data, has now returned with new ransoming capabilities, effectively turning it into a brand-new piece of ransomware.
First discovered in September 2018 by Check Point Research, the Black Rose Lucy malware controlled a botnet of victimised Android OS devices to send out additional payloads of itself while it collects device information. The original iteration of Black Rose Lucy will continuously prompt the user to enable accessibility services for the malware through trickery and false notifications.
Using Android's accessibility services, it can mimic on-screen clicking to carry out malicious activities - such as granting itself administrative privileges by 'tapping' its way in and ignoring battery optimisation kill commands to keep Black Rose Lucy active.
If you thought that was terrible news, Black Rose Lucy is now back and 'changed', but not necessarily for the better. Today's update by Check Point Research found that the malicious script now hosts additional features, such as its ransomware component, the ability to take control of the victim's devices, and the capability to install other malicious applications.
The upgraded malware is usually distributed via social media and instant messaging apps through URLs. Black Rose Lucy now encrypts the files on the infected Android OS device, displaying a ransom note that asks the user to pay a US$500 fine by providing their credit card information.
Like its earlier variant, the new Black Rose Lucy relies on Android accessibility services to run its gamut of malicious activities, and it tricks users by pretending to be a harmless video playback app. Besides gaining control over the smartphone or mobile device, the malware also encrypts the gadget's data files, effectively holding it ransom until the fee is paid.
For a technical understanding of how the new Black Rose Lucy works, you can check the researchers' notes uploaded to their blog here. To learn more about the history and evolution of ransomware, you can check out an old feature we had here.
Source: Check Point Research (blog)
