‘Black Rose Lucy’ is Back, Now Pushing Ransomware
2020-04-28 20:30

Cybercriminals behind the Android-based dropper malware Black Rose Lucy have shifted attacks from info-stealing to ransomware - with a sextortion twist.

In connection with Lucy's most recent ransomware campaign, researchers said they have discovered more than 80 malware samples tied to Lucy and identified one new active Lucy variant in the wild.

"The malware starts by registering a receiver called 'uyqtecppxr' to run BOOT COMPLETE and QUICKBOOT POWERON to check if the country code of the device is from a former Soviet state. Lucy then tries to trick the victim into enabling the Accessibility Service by initiating an Alert Dialog that asks the user to take action," researchers explain.

Another update to Lucy's attack strategy is that the malware fortifies its C2 servers.

Black Rose Lucy, they said, is an example of that and represents "an important milestone" in the evolution of mobile malware.
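The boot receiver and Accessibility Service behaviour quoted above can be checked for statically in an app's decoded manifest. The following is an added example, not code from the article or the researchers; it assumes the quoted "BOOT COMPLETE" and "QUICKBOOT POWERON" refer to the standard Android broadcast actions, and the manifest, package name and service name are constructed.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"
# Assumption: the standard Android actions behind the names quoted in the article.
BOOT_ACTIONS = {
    "android.intent.action.BOOT_COMPLETED",
    "android.intent.action.QUICKBOOT_POWERON",
}
A11Y_PERMISSION = "android.permission.BIND_ACCESSIBILITY_SERVICE"
A11Y_ACTION = "android.accessibilityservice.AccessibilityService"

# Constructed sample manifest (not taken from a real Lucy sample).
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.constructed">
  <uses-permission android:name="android.permission.RECEIVE_BOOT_COMPLETED"/>
  <application>
    <receiver android:name=".uyqtecppxr">
      <intent-filter>
        <action android:name="android.intent.action.BOOT_COMPLETED"/>
        <action android:name="android.intent.action.QUICKBOOT_POWERON"/>
      </intent-filter>
    </receiver>
    <service android:name=".HelperService"
             android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE">
      <intent-filter>
        <action android:name="android.accessibilityservice.AccessibilityService"/>
      </intent-filter>
    </service>
  </application>
</manifest>"""


def _actions(component):
    """Collect the intent-filter action names declared under a component."""
    return {a.get(ANDROID + "name") for a in component.iter("action")}


def triage_manifest(manifest_xml):
    """Return boot receivers, accessibility services and a combined review flag."""
    root = ET.fromstring(manifest_xml)
    boot = sorted(r.get(ANDROID + "name", "?") for r in root.iter("receiver")
                  if _actions(r) & BOOT_ACTIONS)
    a11y = sorted(s.get(ANDROID + "name", "?") for s in root.iter("service")
                  if s.get(ANDROID + "permission") == A11Y_PERMISSION
                  or A11Y_ACTION in _actions(s))
    # Each feature alone is common in legitimate apps; the pair is a triage signal.
    return {"boot_receivers": boot, "accessibility_services": a11y,
            "review": bool(boot and a11y)}


if __name__ == "__main__":
    print(triage_manifest(SAMPLE_MANIFEST))
```

An APK stores its manifest as binary XML, so it has to be decoded (for example with apktool) before this check can read it.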


News URL

https://threatpost.com/black-rose-lucy-is-back-now-pushing-ransomware/155265/