A report by check point cyber security company revealed a new ransomware attack in which cybercriminals pretend to be FBI officers to oblige victims to pay their “fine” with a credit card.
According to the April 28 report, the malware known as “Black Rose Lucy” is unusual in that there are no ransom payments for cryptocurrencies like Bitcoin (BTC) and it affects users of mobile devices running Android as an operating system. .
Check Point had been tracking the beginnings of malware since September 2018, which originated in Russia as a “Malware-as-a-Service” botnet (MaaS). However, various changes were made to the device in the form of a rescue program and malicious applications were installed.
False FBI warnings
As is common with ransomware attacks, Lucy encrypts the files on the infected device and displays a false FBI warning accusing the victim of having pornographic content on their devices.
The message also claims that the details of the target user have been uploaded to the FBI’s Cyber Crime Department’s data center and lists a number of false charges against him.
The fine is $ 500, but has to be paid by credit card instead of Bitcoin, as ransom attacks often work.
Not a serious threat
Brett Callow, a threat analyst at Emsisoft, told Cointelegraph that he doesn’t think mobile platforms are a target for serious ransomware groups:
“It’s just not where the money is. While an attack on endpoints and corporate servers can paralyze a company and allow criminals to extort a substantial ransom, so does an attack on mobile devices.”
Callow adds the following comment that ransomware attacks like Lucy accept credit card payments:
“The fact that these low-level extortionists seem to do business with credit cards rather than Bitcoin is unusual, but not a particularly significant development. I certainly wouldn’t expect to see any of the real ransomware groups. Approaching the strategy.”
Android users are hacked with fake notifications
According to the cybersecurity company, Lucy uses a “clever” method to bypass Android security and displays a message asking the user to enable real-time video optimization.
As a next step, cyber criminals persuade the victim to give malware permission to use the Android accessibility feature.
On April 21, Cointelegraph reported on a publication by the Emsisoft malware laboratory, which highlighted that the number of ransomware attacks in the public sector had declined significantly in the first quarter of 2020 despite the 2020 crisis, COVID-19.
You may be interested in: