Android Security

Lucy malware encrypts Android devices and demands $500 as ransom


If you have seen the movie ‘Lucy’, you know how powerful she was, and that is exactly what this Russian-made malware is: sneaky, powerful, troublesome, and self-destructing.

Malicious actors targeting Android have now scaled up their malware-as-a-service (MaaS) business to encrypt files and enhance their ransomware operations. The group, called ‘Lucy’, is Russian and introduced itself through the Black Rose Lucy service, which offers malware and botnet launching protocols as a service for Android devices.

The update to their MaaS now allows the actors to encrypt the files on infected devices and demand a ransom through the browser. They have customized the message to look as if it comes from the FBI and to state that the victim has been identified as storing adult content on their Android device. The actors are counting on the fear a victim feels when the message appears to come from a legal entity instead of a hacker; the prospect of being arrested or penalized for storing adult content and visiting adult websites is meant to lure them into making the payment. Additionally, the message claims that the victim’s face has been captured and is now in the FBI cyber crime database. If the victim does not pay the ransom within three days, the ransom is tripled.

Hackers usually prefer bitcoin for ransom payments; however, the Lucy gang requested $500 as the initial payment.

Security researchers from Check Point discovered the Black Rose Lucy malware variants in September 2018; they have now identified around 80 different samples distributed in the wild by the actors.

Tatyana Shishkova, an Android security researcher at Kaspersky, identified one of these samples in February 2020; she also tweeted the four IP addresses used for the C&C server.

According to Bleeping Computer’s discussion with Check Point’s manager of mobile research, the malware is currently being actively distributed in Soviet states only. The actors check the device’s country code, and then the malware is initiated. Once activated, Lucy lures users into enabling the Accessibility Service on their Android device with a pop-up alert that asks the user to enable video streaming optimizations.

“Inside the MainActivity module, the application triggers the malicious service, which then registers a BroadcastReceiver that is called by the command action.SCREEN_ON and then calls itself. This is used to acquire the ‘WakeLock’ service, which keeps the device’s screen on, and ‘WifiLock’ service, which keeps the WIFI on” – Check Point
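A defender-side triage for the behaviour described above, as an added example that is not from Check Point or the original article: it flags user-installed apps that hold an enabled accessibility service and notes when they also hold WAKE_LOCK, the permission needed for both WakeLock and WifiLock. The package names and permission map are constructed; the inputs are assumed to come from `adb shell settings get secure enabled_accessibility_services` and `adb shell pm list packages -3`.

```python
# Added example: a triage heuristic, not Check Point's detection logic.
WAKE_LOCK = "android.permission.WAKE_LOCK"  # also required to hold a WifiLock


def parse_accessibility(setting):
    """Parse the value of `settings get secure enabled_accessibility_services`.

    The value is a colon-separated list of `package/ServiceClass` components,
    or the string "null" when no service is enabled.
    """
    setting = (setting or "").strip()
    if not setting or setting == "null":
        return []
    services = []
    for comp in setting.split(":"):
        pkg, _, cls = comp.partition("/")
        if pkg:
            services.append((pkg, cls))
    return services


def parse_third_party(pm_output):
    """Parse `pm list packages -3` lines of the form `package:<name>`."""
    return {line.split(":", 1)[1].strip()
            for line in pm_output.splitlines() if line.startswith("package:")}


def triage(setting, pm_output, permissions, allowlist=()):
    """Return findings for user-installed apps with an enabled accessibility service."""
    findings = []
    third_party = parse_third_party(pm_output)
    for pkg, cls in parse_accessibility(setting):
        if pkg not in third_party or pkg in allowlist:
            continue  # preinstalled or explicitly trusted (e.g. a known screen reader)
        reasons = ["user-installed app holds an enabled accessibility service"]
        if WAKE_LOCK in permissions.get(pkg, ()):
            reasons.append("also holds WAKE_LOCK (can keep screen/Wi-Fi awake)")
        findings.append({"package": pkg, "service": cls, "reasons": reasons})
    return findings


# Constructed sample data; the com.example.* package names are invented.
SAMPLE_SETTING = ("com.google.android.marvin.talkback/.TalkBackService:"
                  "com.example.videoplayer/.OptimizerService")
SAMPLE_PM = "package:com.example.videoplayer\npackage:com.example.notes\n"
SAMPLE_PERMS = {"com.example.videoplayer": {WAKE_LOCK, "android.permission.INTERNET"}}

if __name__ == "__main__":
    for f in triage(SAMPLE_SETTING, SAMPLE_PM, SAMPLE_PERMS):
        print(f["package"], f["service"], "; ".join(f["reasons"]))
```

A finding is a prompt for manual review, not a verdict: legitimate assistive apps also use accessibility services and wake locks.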

Once Lucy is inside the device, it begins its encryption procedure by retrieving all the directories, or /storage, or /sdcard, moving on to the next potential storage location whenever one fails. After successfully identifying the data, Lucy begins the encryption and verifies it after completion, thereby encrypting all file types without discrimination. Furthermore, after completing the encryption, the malware stores the decryption key on the device itself; later, if the ransom is paid, it sends the logs to the actors after decryption and deletes itself from the device.

According to Check Point researchers, Lucy can make calls, send a list of the apps installed on the device, delete encryption keys, run a remote shell on the device, display payment-declined messages, and self-destruct after successfully completing its task.

William Marshal

William has been one of the key contributors to 'The Cybersecurity Times', with 9.5 years of experience in cybersecurity journalism. Apart from writing, he also likes hiking, skating and coding.
