The malware, referred to as “Black Rose Lucy”, differs from typical ransomware in that it does not demand ransom payments in cryptocurrencies such as Bitcoin (BTC), and it targets users of devices running the Android operating system.
Check Point has been tracking the malware since September 2018. It originated as a “Malware-as-a-Service” (MaaS), an automated program, but it soon became ransomware that can change device settings and install illegal applications.
As in other ransomware breaches, Lucy encrypts the files stored on the infected device and then shows a bogus FBI warning accusing the victim of storing pornographic content on the device.
The displayed warning also claims that details about the user have been transmitted to the FBI Cyber Crime Department’s Data Center, and it lists numerous fake charges against the user.
To avoid legal prosecution, the message demands an immediate penalty payment of $500 via credit card, rather than via Bitcoin, the payment method common in ransomware attacks.
Brett Callow, Emsisoft’s risk analyst, opined that full-fledged ransomware teams have so far not taken mobile platforms seriously:
“It’s simply not where the money is at. While an attack on corporate endpoints and servers can bring a company to a standstill and enable the criminals to extort a significant ransom, the same cannot be said for an attack on mobile devices.”
Regarding the acceptance of credit card payments by ransomware such as Lucy, Callow said:
“The fact that these low-level sextortion scammers are seemingly transacting via credit card rather than Bitcoin is unusual but not a particularly significant development. I certainly wouldn’t expect to see any of the real ransomware groups adopting the strategy.”
The cybersecurity company states that Lucy uses an “ingenious” way to bypass Android security: it shows a message directing the user to enable live video optimization.
The cybercriminals then convince the victim to hand over a permission to the malware program, which establishes its access to the Android device.
It may be recalled that a report on malware released by Emsisoft’s lab underlined a considerable decline in the number of successful attacks on the public sector in the first quarter of 2020, in spite of the Covid-19 outbreak.