After CryptoLocker, WannaCry and Ryuk wreaked havoc on countless computers and computer systems, ransomware is beginning to win out in the mobile world. Check Point researchers have discovered a new type of ransomware that is threatening users of the Android operating system. Black Rose Lucy hides in video playback applications and, when enabled, allows hackers to take complete control of the victim's devices.
In all, the security company was able to detect 80 samples of the ransomware distributed through links on social networks and instant messaging applications. Once activated, Black Rose Lucy encrypts all files on the victim's device and presents a ransom note in the browser where hackers pose as the FBI.
Hackers accuse the victim of having suspicious files, such as prohibited pornographic material, on the device. The ransom note states that the user's data, including their location as well as screenshots of their face, are now part of the FBI's Cyber ??Crime Department Data Center. To resolve the situation in hand, the hackers indicate that the victim will have to pay a fine of 500 dollars, making the payment through a credit card.
Check Point researchers explain on the company's website that Black Rose Lucy uses an ingenious method to enter the operating system. The ransomware displays a message that asks the user to activate the video optimization feature in real time.
By clicking OK, the user is giving ransomware permission to use the Android accessibility service, seen by Check Point experts as the Achilles character of the operating system. The functionality allows to automate and simplify some tasks, but often used by hackers to install malware.