Quote:Cybercriminals behind the Android-based dropper malware Black Rose Lucy have shifted attacks from info-stealing to ransomware – with a sextortion twist.
The malware family, operated by the Lucy Gang, encrypts targeted Android devices and delivers a spoofed FBI message. The ransom note claims the phone’s user has visited “forbidden pornographic sites” on their phone and that a “snapshot” of their face was uploaded to the agency. Pay $500 and the problem goes away, according to Check Point security researchers.
The Russian-speaking threat actor was first identified by Check Point in 2018. At the time, the Lucy Gang promoted its offerings as a malware-as-a-service that could collect victims’ device data, listen to a remote command-and-control (C2) server and install extra malware sent from a C2 server.
With its most recent ransomware campaign, researchers said they have discovered more than 80 malware samples tied to Lucy, along with identifying one new active Lucy variant in the wild. Distribution of the malware is social based, researchers said, where targets are enticed to download a video player booby-trapped with the Lucy dropper.
“We found that the samples we acquired disguised themselves as a harmless-looking video player application, primarily leveraging Android’s accessibility service to install their payload without any user interaction and create an interesting self-protection mechanism,” wrote co-authors of the Check Point report Ohad Mana, Aviran Hazum, Bogdan Melnykov and Liav Kuperman.
Read more: https://threatpost.com/black-rose-lucy-i...re/155265/
![[-]](https://www.geeks.fyi/images/collapse.png)
