Posted on April 29, 2020 at 10:46 AM
Cybersecurity research firm Checkpoint has warned that very dangerous malware is locking Android users out of their phones. After locking users out, the attackers encrypt the data and demand a ransom before undoing the damage. If the ransom is not paid, they threaten to expose the compromised data on the darknet.
Malware attacks of this type are rare, but very dangerous when they occur. However, Checkpoint has reiterated that there are ways to stop the attackers and prevent them from locking users out of their phones.
How the malware operates
The malware is known as Black Rose Lucy and was designed by a Russian hacking syndicate initially discovered in 2018.
When it was developed, Lucy was only a command and control server and a packaged dropper. But the malware has evolved since then.
The malware can now not only hack into Android phones but also fully encrypt the device, making it difficult for the owner to access details on their phone. That is the basic operational target of the malware.
With this sophisticated feature, it could be devastating for any phone the malware manages to infiltrate. Other malware would only gain access to the Android device, with no capability to encrypt the files. In that case, both the attackers and the victims can still access the affected phones.
But in the case of Lucy, the victim is denied access to important files on their Android device.
Lucy disguised as a video media player
Checkpoint reveals that the actors are distributing Lucy over social media, with the malware posing as a media player.
On its launch page, the fake player requires the user to enable the “video sharing optimizer.” That is the central point through which the malware gets in. If a user allows the service, Lucy finds its way into the Android device and gives itself administrative privileges on the phone, an action Checkpoint terms the “Android Achilles Heel.”
Checkpoint has warned that Android users who receive this message should not enable the service, because it is a ploy for the malware to gain access to the user’s Android device.
Similar malware discovered
In a similar report, a highly technical banking Trojan has developed new strategies to deceive Android users into downloading the malware. The Trojan disguises itself as Adobe Flash Player.
Phishing attacks and malicious links have been the order of the day as threat actors are leveraging the pandemic for financial gain.
Cybercrime has increased during the lockdown
The present lockdowns in major parts of the world have seen a rise in the popularity of social messaging apps. People need to keep communicating with their colleagues and friends via video conferencing since they are not able to meet physically.
As these messages pass through various channels to reach their destination, there is a risk of exposure to different factions of hackers looking to pounce on any vulnerability.
Users should be more proactive
Checkpoint said that in the course of its research it discovered more than 80 different samples of Lucy, with different instructions but accomplishing the same purpose.
They all disguised themselves as legitimate video player applications and used the same accessibility service trick to install payloads.
Checkpoint has also warned Android users not to install or give permission for the “video streaming optimizer”. This is a short-term measure to keep the malware out of your phone.
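To check which accessibility services are already enabled on a device, the following added example (not from Checkpoint or the original article) parses the value Android stores in the `enabled_accessibility_services` secure setting and lists every service whose package is not on an allowlist. The allowlist, the sample value and the `com.example.videoplayer` package are constructed for illustration.

```python
"""Audit enabled Android accessibility services against an allowlist."""
import subprocess

# Assumption: packages this device owner expects to hold accessibility access.
ALLOWED_PACKAGES = {"com.google.android.marvin.talkback"}

# Constructed sample of the setting value: colon-separated "package/class" entries.
SAMPLE = (
    "com.google.android.marvin.talkback/.TalkBackService:"
    "com.example.videoplayer/com.example.videoplayer.OptimizerService"
)


def parse_enabled_services(setting_value):
    """Return (package, full_class_name) pairs from the raw setting value."""
    value = (setting_value or "").strip()
    if value in ("", "null"):  # "settings get" prints "null" when unset
        return []
    services = []
    for entry in value.split(":"):
        entry = entry.strip()
        if not entry:
            continue
        package, _, cls = entry.partition("/")
        if cls.startswith("."):  # short form is relative to the package
            cls = package + cls
        services.append((package, cls))
    return services


def unexpected_services(setting_value, allowed=ALLOWED_PACKAGES):
    """Return enabled services whose package is not on the allowlist."""
    return [(p, c) for p, c in parse_enabled_services(setting_value)
            if p not in allowed]


def read_setting_over_adb():
    """Read the live value from a connected device (needs adb and USB debugging)."""
    cmd = ["adb", "shell", "settings", "get", "secure",
           "enabled_accessibility_services"]
    return subprocess.run(cmd, capture_output=True, text=True, check=True).stdout


if __name__ == "__main__":
    # Swap SAMPLE for read_setting_over_adb() to audit a real device.
    for package, cls in unexpected_services(SAMPLE):
        print(f"review accessibility service: {package} ({cls})")
```

A service flagged here is not necessarily malicious; it is one the owner should be able to explain, and a media player holding accessibility access is the pattern the report describes.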
The security research firm said the recent format of Lucy is a revolution in mobile hacking, where malware now has more power than ever before. “Mobile ransomware is getting more and more sophisticated and efficient, as shown by Lucy,” Checkpoint says.
Before long, the mobile world will see an increase in sophisticated malware attacks, as Lucy has shown. The research team pointed out that if people can develop Lucy to be as sophisticated as this, there could be more like it, or even more capable malware, in the future. As a result, people should be more careful and double their efforts to secure their devices.