A recent research report from Check Point Research, the leading cybersecurity firm, has revealed a ransomware attack, where cyber criminals pose as the FBI to demand victims pay their “fine” by credit card.
On April 28, it has been reported that the malware, known as “Black Rose Lucy,” is unusual, since there are no ransom payments involving cryptocurrencies like Bitcoins and it affects users of mobile devices with Android as an operating system. Distribution of the malware is social based, researchers said, where targets are enticed to download a video player booby-trapped with the Lucy dropper.
The malware family, operated by the Lucy Gang, encrypts targeted Android devices and delivers a spoofed FBI message. The ransom note claims the phone’s user has visited “forbidden pornographic sites” on their phone and that a “snapshot” of their face was uploaded to the agency. Pay $500 and the problem goes away, according to Check Point security researchers.
However, Check Point had already traced the beginnings of the malware back in September 2018, originating in Russia as a “Malware-as-a-Service” (MaaS) botnet, as it took the form of ransomware to make various changes to the device and install malicious applications.
As per report, Check Point Research found that the malicious script now hosts additional features, such as its ransomware component, the ability to take control of the victim’s devices, and the capability to install other malicious applications.
<img src="https://www.cryptonewspoint.com/wp-content/uploads/2020/04/ransome-note-lucy.png" alt="The ransom note Black Rose Lucy uses " class="wp-image-15119 lazyload" width="521" height="371" />
The ransom note Black Rose Lucy uses
Also, the message states that the details of the targeted user have been uploaded to the FBI Cyber Crime Department’s Data Center and lists a series of bogus charges brought against them.
Brett Callow, the Threat Analyst at Emsisoft, said that he does not believe that mobile platforms are a target for serious ransomware groups.
He added:
“It’s simply not where the money is at. While an attack on corporate endpoints and servers can bring a company to a standstill and enable the criminals to extort a significant ransom, the same cannot be said for an attack on mobile devices.”
A cybersecurity firm discovers new ransomware that poses as the FBI https://t.co/iX8Ak3c28r — Cointelegraph (@Cointelegraph) April 28, 2020
Also, Callow stated:
“The fact that these low-level sextortion scammers are seemingly transacting via credit card rather than Bitcoin is unusual but not a particularly significant development. I certainly wouldn’t expect to see any of the real ransomware groups adopting the strategy.”
However, Check Point says that Black Rose Lucy uses an “ingenious” method to circumvent Android security by displaying a message asking the user to activate real-time video optimization. The cybercriminals, as a next step, induce the victim to give malware permission to use the accessibility function in Android.
Researchers stated that the incidents of mobile malware are becoming more common and growing more sophisticated day by day. Sooner or later, the mobile world will experience a major destructive ransomware attack. For a technical understanding of how the new Black Rose Lucy works, you can check the researchers’ notes uploaded to their blog here.
Source: Check Point Research (blog) | Cointelegraph