A modified version of the Black Rose Lucy malware has surfaced on Android devices, with the hackers impersonating the FBI. When affected users pay a fine, they can supposedly regain access to their encrypted files.

At the end of 2018, Check Point’s security researchers identified a new variant of mobile malware and named it Black Rose Lucy. At the time, the malware variant was specifically designed to hit Android users and use the affected device as part of a larger botnet. The new version of Black Rose Lucy is built as ransomware: the malware encrypts files on the device and demands a ransom for them.

When Lucy is installed, affected users are presented with a web page that says that the FBI encrypted the device because pornographic material was found. All of the user’s data have been supposedly uploaded to the federal police’s Cyber Crime Unit database. The encrypted files will only be released when the victims use their credit card to pay a 500 dollar ‘fine’.

The new variant of Black Rose Lucy was distributed via social media and, when downloaded, asks the user for permission to optimise video streaming on the device. If the user complies and gives the application permission to optimise their streaming, the malware gains access to certain services, after which the ransomware can be activated.

Russian roots

Check Point’s researchers have been able to trace Lucy’s source back to Russian cybercriminals. These criminals sell malware and ransomware to hackers as a service.

With Lucy’s newly surfaced version, the researchers believe it is clear that mobile ransomware has reached a milestone when it comes to responding to the current malware market. According to Check Point, this could be ‘the beginning of a major, destructive attack’. Security on smartphones is becoming a bigger issue.