Black Rose Lucy Back With a Vengeance

Incidents of mobile malware have gained prominence and ubiquity. Black Rose Lucy - an Android dropper - is being used by attackers as ransomware with a sextortion angle.

What is Black Rose Lucy?

Black Rose Lucy, or simply Lucy, is designed as a Malware-as-a-Service (MaaS) botnet and a dropper for Android. It was first detected in September 2018, and after two years, it is back with sophisticated ransomware capabilities in its hat. It can gain access to victim’s devices and install malicious software.

How it works

Android devices are targeted and a spoofed FBI message is sent to the user, accusing them of having forbidden pornographic content on the device. It also states that a snapshot of their face has been uploaded to the agency. The victim is asked to pay a “fine” of $500 through their credit card.

At first sight

The malware disguises itself as a video player app and leverages the accessibility option in Android devices to install its payload. This ensures that there is no interference by the user. Subsequently, it creates a self-protection mechanism.

  • The user receives a message, “to continue watching the video on your phone, you must enable Streaming Video Optimization (SVO), select it in the menu and turn it on!”
  • The malware gains access to the Android Accessibility Service when the victim clicks on “OK”.
  • Once the malware finishes encrypting the files on the user’s device, the message is displayed on the user’s screen.

In essence

Mobile ransomware is getting sophisticated with every passing day and Lucy is considered to be a milestone in the evolution of mobile malware. Researchers have stated that the mobile world will witness a major destructive ransomware attack, in the coming times.