If you have seen the movie 'Lucy', you know how powerful she was, and the Russian-made malware of the same name is much the same: sneaky, powerful, troublesome, and self-destructing.
Malicious actors targeting Android have now scaled up their malware-as-a-service (MaaS) business to encrypt files and enhance their ransomware operations. The hacking group is called 'Lucy'; they are Russians who introduced themselves through the Black Rose Lucy service, offering malware and botnet launching protocols as a service for Android devices.
The update to their MaaS now allows the actors to encrypt the files on infected devices and demand a ransom through the browser. They have customized the message to look as if it comes from the FBI, stating that the victim has been identified as storing adult content on their Android device. The actors are counting on the fear a victim feels when the message appears to come from a legal entity rather than a hacker: the picture of being arrested or penalized for storing adult content and visiting adult websites is meant to lure them into making the payment. Additionally, the actors state that the victim's face has been captured and is now in the FBI cybercrime database. If the victim does not pay the ransom within three days, the ransom is tripled.
Hackers usually prefer bitcoins for the ransom; the Lucy gang, however, requests $500 as the initial payment.
Security researchers from Check Point discovered the Black Rose Lucy malware variants in September 2018; they have now identified around 80 different samples distributed in the wild by the actors.
Tatyana Shishkova, an Android security researcher from Kaspersky, identified one of these samples in February 2020; she also tweeted the four IP addresses used for the C&C server.
According to BleepingComputer's discussion with Check Point's manager of mobile research, the malware is currently being actively distributed in Soviet states only. The actors check the country code of the device, and then the malware is initiated. Once activated, Lucy lures the user into enabling its Accessibility Service on their Android device, using an alert that pops up asking the user to enable video streaming optimizations.
“Inside the MainActivity module, the application triggers the malicious service, which then registers a BroadcastReceiver that is called by the command action.SCREEN_ON and then calls itself. This is used to acquire the ‘WakeLock’ service, which keeps the device’s screen on, and ‘WifiLock’ service, which keeps the WIFI on” – Check Point
Once Lucy is inside the device, it begins its encryption procedure by retrieving all the directories, or /storage, or /sdcard, moving on to the next potential storage location when one fails. After successfully identifying the data, Lucy begins the encryption and verifies it after completion, thus encrypting all file types without discrimination. Furthermore, after the encryption the malware stores the decryption key on the device itself; later, if the ransom is paid, it sends the logs to the actors after decryption and deletes itself from the device.
According to Check Point researchers, Lucy can make calls, send a list of the apps installed on the device, delete encryption keys, run a remote shell on the device, display payment-declined messages, and self-destruct after successfully completing its task.
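As a defensive triage aid for the Accessibility Service lure described above, this added example (not from the original article or Check Point's report) flags third-party apps that hold an enabled accessibility service and were not installed by a trusted store. The sample `adb` output, the package names, and the trusted-installer list are constructed assumptions.

```python
import re

# Assumption: only Google Play counts as a trusted installer on this fleet.
TRUSTED_INSTALLERS = {"com.android.vending"}

# Constructed sample of: adb shell settings get secure enabled_accessibility_services
SAMPLE_SETTINGS = ("com.google.android.marvin.talkback/"
                   "com.google.android.marvin.talkback.TalkBackService:"
                   "com.example.videoplayer/.OptimizeService")
# Constructed sample of: adb shell pm list packages -3 -i
SAMPLE_PM = ("package:com.example.videoplayer  installer=null\n"
             "package:com.example.notes  installer=com.android.vending\n")

_PKG_LINE = re.compile(r"^package:(\S+)(?:\s+installer=(\S+))?")

def parse_enabled_services(value):
    """Map package -> [service classes] from the colon-separated setting."""
    value = value.strip()
    if not value or value == "null":      # nothing enabled
        return {}
    services = {}
    for component in value.split(":"):
        pkg, _, cls = component.partition("/")
        if pkg:
            services.setdefault(pkg, []).append(cls)
    return services

def parse_third_party(pm_output):
    """Map third-party package -> installer (None when sideloaded)."""
    packages = {}
    for line in pm_output.splitlines():
        m = _PKG_LINE.match(line.strip())
        if m:
            installer = m.group(2)
            packages[m.group(1)] = None if installer in (None, "null") else installer
    return packages

def flag_suspicious(settings_value, pm_output):
    """Third-party apps with an enabled accessibility service and untrusted origin."""
    services = parse_enabled_services(settings_value)
    third_party = parse_third_party(pm_output)
    return [(pkg, classes, third_party[pkg])
            for pkg, classes in sorted(services.items())
            if pkg in third_party and third_party[pkg] not in TRUSTED_INSTALLERS]

if __name__ == "__main__":
    for pkg, classes, installer in flag_suspicious(SAMPLE_SETTINGS, SAMPLE_PM):
        print(f"review: {pkg} services={classes} installer={installer}")
```

A finding is a prompt for manual review, not a verdict: legitimate sideloaded accessibility tools will also be listed.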