Android ransomware attack spoofs the FBI with accusation of pornography

The attack accuses victims of possessing pornography, encrypts all files on the device, and then instructs them to pay a fine to unlock the data, according to Check Point Research.

Ransomware attacks all generally follow the same playbook. The attacker encrypts or locks sensitive files on your computer or device and demands a ransom in order to unlock them. In most cases, the criminals behind the attack make no attempt to pose as anyone else, confident in their ability to convince enough people to pay the ransom. But one new malware campaign analyzed by cyber threat intelligence provider Check Point Research spoofs the FBI to lend an air of legitimacy to the ransom demand.

SEE: Ransomware: What IT pros need to know (free PDF) (TechRepublic) 

In a blog post published Tuesday, Check Point revealed the details behind a Malware-as-a-Service (MaaS) botnet called Black Rose Lucy. Originally seen by Check Point in September 2018, Lucy acts as a dropper to spread malware and take control of Android devices.

After a successful infection of an Android device, Lucy encrypts files and then displays a ransom note in a browser window. This note claims to be an official message from the FBI that accuses the victim of owning and storing pornography.

Beyond encrypting the data and locking the device, the attacker warns that the details of this offense have been sent to the FBI Cyber Crime Department's Data Center. To regain control of the device, the victim is then instructed to pay a fine of $500 using a credit card.


Image: Check Point Research

In its analysis, Check Point found more than 80 samples of this attack, distributed mainly through social media links and messaging apps. Masquerading as common video player apps, these samples are able to control infected devices by abusing the Android accessibility service, which is designed to help people with disabilities by automating certain user interactions. To launch the attack, Lucy asks users to enable "Streaming Video Optimization (SVO)". Agreeing to that prompt actually grants the app permission to act as an accessibility service, which lets it read what is on screen and perform taps on the user's behalf, including clicking through later permission dialogs; that is what allows it to encrypt files on the device.
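The practical check that follows from this is to review which apps on a device actually hold accessibility-service rights. The script below is an added example, not Check Point's code or anything from the Lucy samples: it reads the Android secure setting `enabled_accessibility_services` (a colon-separated list of `package/class` pairs, `null` when none is enabled) and prints any entry not on an allowlist. The allowlist contents, the `audit_device` helper and the sample value are assumptions constructed for illustration; the "SVO" package name in the sample is made up.

```shell
#!/bin/sh
# Added example (not Check Point's or Lucy's code): flag accessibility services
# enabled on an Android device that are not on an expected allowlist.

# Assumed allowlist of accessibility services we expect to see (adjust per fleet).
ALLOWED_SERVICES="com.google.android.marvin.talkback/com.google.android.marvin.talkback.TalkBackService
com.android.switchaccess/com.android.switchaccess.SwitchAccessService"

# Print every enabled accessibility service that is not allowlisted, one per line.
# $1 is the raw value of the `enabled_accessibility_services` secure setting:
# colon-separated package/class pairs, or "null"/empty when nothing is enabled.
flag_accessibility_services() {
    raw=$1
    [ "$raw" = "null" ] && return 0
    old_ifs=$IFS
    IFS=:
    for svc in $raw; do
        [ -z "$svc" ] && continue
        # Expand the shorthand "pkg/.Class" form to "pkg/pkg.Class" so it
        # compares against fully qualified allowlist entries.
        case $svc in
            */.*) pkg=${svc%%/*}; cls=${svc#*/}; svc="$pkg/$pkg$cls" ;;
        esac
        if ! printf '%s\n' "$ALLOWED_SERVICES" | grep -qxF "$svc"; then
            printf '%s\n' "$svc"
        fi
    done
    IFS=$old_ifs
}

# Assumed helper: pull the live value from a connected device via adb.
# Requires adb and a device; strip the CR that `adb shell` appends on some hosts.
audit_device() {
    flag_accessibility_services "$(adb shell settings get secure enabled_accessibility_services | tr -d '\r')"
}

# Constructed sample: TalkBack plus an unknown "video optimization" helper of the
# kind the article describes. The second package name is invented.
SAMPLE='com.google.android.marvin.talkback/com.google.android.marvin.talkback.TalkBackService:com.svo.player/.SvoAccessibilityService'

echo "Unexpected accessibility services in sample:"
flag_accessibility_services "$SAMPLE"
```

Run `audit_device` against a real handset to get the same report for a live device. Any entry that is flagged deserves a look at the owning app: a legitimate video player has no reason to be an accessibility service.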

The malware's code points to four different encrypted command and control (C&C) servers that can communicate with Lucy. The C&C servers are referenced by domain name rather than IP address, which means that any server taken offline can be brought back simply by pointing the domain at a different IP address. The code reveals a range of commands that the C&C servers can issue without the user's knowledge or permission, including ones to enumerate all the directories on the device in order to encrypt files, decrypt files if the ransom is paid, decline the payment, and remove the malware from the device.

"We are seeing an evolution in mobile ransomware," Check Point Manager of Mobile Research Aviran Hazum said in a press release. "Mobile malware is more sophisticated, more efficient. Threat actors are learning fast, drawing from their experience of past campaigns. The FBI mimic is a clear scare tactic. Sooner or later, we anticipate the mobile world will experience a major destructive ransomware attack. It's a scary but very real possibility. We urge everyone to think twice before accepting or enabling anything while browsing videos on social media."

To guard against mobile malware, Hazum advises people to install a security product on their device, use only official app stores and markets, and always keep the operating system and apps up to date.
