This FBI-Posing 'Black Rose Lucy' Ransomware Threatens People For Their Porn


The Federal Bureau of Investigation, or FBI, is one of the most powerful government agencies in the United States.

Famous around the world, the investigative arm of the U.S. Department of Justice has a century-old history and has been solving infamous cases.

But most of the time, the agency focuses on stopping terrorism, corruption, organized crime, cyber crime and civil rights violations, as well as investigating serious crimes such as major thefts or murders.

With such a wide coverage of crimes, the FBI can be at the forefront of many cases that require it to investigate violations of federal criminal law.

But that doesn't mean the agency really cares about people's browsing habits, let alone their online porn activities.

Unless provoked, federal agents don't want to know what porn people have downloaded on their devices, nor their fetishes, nor their preferences.

But hackers, apparently, want people to believe that it does.

As a Malware-as-a-Service (MaaS), the ransomware has its own dashboard with a friendly user interface.

Dubbed 'Black Rose Lucy', this Android malware acts as ransomware that encrypts victims' files and poses as the FBI to trick them into providing their credit card information.

Disguising itself as a “video streaming optimizer”, the malicious app tricks users into enabling Android’s accessibility service and grants itself administrative privileges. If granted, the malware can carry out APK file installation and self-protection setup without victims' consent, encrypt files, and display a ransom note.

It also actively checks whether popular free security tools or system cleaners have been launched, and whether victims are trying to initiate a factory reset.

When it detects any of these, it simulates a user click on the ‘back’ or ‘home’ button, hoping to exit those tools or at least stop the victim from using them.

The ransomware then accuses victims of storing porn on their phone, and threatens that their details have been uploaded to the FBI Cyber Crime Department’s data center.

It also comes with a list of “legal offenses” the user has allegedly committed.

It should be noted that none of the information it gives is true.

This kind of scam is called "sextortion". In 2019 alone, researchers from Digital Shadows found that sextortion attackers netted over $300,000 worth of Bitcoin by blackmailing users over email.

But Black Rose Lucy takes the sextortion scam to a new level, simply because it is ransomware that holds victims' phones hostage.

Black Rose Lucy posing as the FBI to scam victims.

The malicious actors merely use this tactic to lure unsuspecting victims into paying a $500 “fine” to unlock their device.

For ransomware, Black Rose Lucy is also unique because it demands payment by credit card, and not through the usual Bitcoin payment method.

Discovered by researchers from security firm Check Point, Black Rose Lucy comes from a ransomware family first discovered in 2018 and spreads through various social media and messengers.

Originating from Russia, Black Rose Lucy was developed by a Russian-speaking team dubbed ‘The Lucy Gang’. As a Malware-as-a-Service botnet, it is able to download and install new threats with ransomware capabilities, whenever the authors can.

Having discovered Black Rose Lucy, the researchers warn that ransomware in general has evolved.

"Indeed, we got the impression that Black Rose Lucy has plans to become a botnet service far beyond the Russian border due to the Black Rose dropper currently supporting an English, Turkish and Russian user interface," said Check Point in its post.

"We are seeing an evolution in mobile ransomware: It’s becoming more sophisticated and efficient," added Check Point’s Aviran Hazum.

"Threat actors are learning fast, drawing from their experience of past campaigns, and the impersonation of a message from the FBI is a clear scare tactic. Sooner or later, we anticipate the mobile world will experience a major destructive ransomware attack. It’s a scary but very real possibility, and we urge everyone to think twice before clicking on anything to accept or enable functions while browsing videos on social media."

To avoid falling victim to Black Rose Lucy, Android users should make sure that they download apps only from trusted sources, like the Google Play Store, and keep their device’s OS and apps up to date at all times.
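Because the malware depends on a sideloaded app being granted the accessibility service, a defender can audit a device for exactly that combination. The following is an added example, not part of the original article or Check Point's research: it assumes the two inputs were captured with `adb shell settings get secure enabled_accessibility_services` and `adb shell pm list packages -3 -i`, and the package names and the trusted-installer set are constructed for illustration.

```python
import re

# Installers treated as trusted for this check (assumption; adjust to policy).
TRUSTED_INSTALLERS = {"com.android.vending"}

# Constructed sample data, shaped like the output of the two adb commands.
SAMPLE_SETTING = ("com.google.android.marvin.talkback/"
                  "com.google.android.marvin.talkback.TalkBackService:"
                  "com.example.streamoptimizer/.OptimizerService:"
                  "com.example.passwordmgr/.AutofillA11yService")
SAMPLE_PM = """package:com.example.streamoptimizer  installer=null
package:com.example.passwordmgr  installer=com.android.vending
package:com.example.game  installer=com.android.vending"""

def parse_accessibility(setting_value):
    """Split the colon-separated 'package/ServiceClass' list; 'null' means none."""
    value = setting_value.strip()
    if not value or value == "null":
        return []
    services = []
    for component in value.split(":"):
        pkg, _, cls = component.partition("/")
        services.append((pkg, cls))
    return services

def parse_installers(pm_output):
    """Map each third-party package to its recorded installer."""
    installers = {}
    for line in pm_output.splitlines():
        m = re.match(r"package:(\S+)\s+installer=(\S+)", line.strip())
        if m:
            installers[m.group(1)] = m.group(2)
    return installers

def audit(setting_value, pm_output):
    """Return (package, service, installer) for every enabled accessibility
    service owned by a third-party app that no trusted store installed."""
    installers = parse_installers(pm_output)
    findings = []
    for pkg, cls in parse_accessibility(setting_value):
        if pkg not in installers:
            continue  # absent from the -3 list: preinstalled/system package
        if installers[pkg] not in TRUSTED_INSTALLERS:
            findings.append((pkg, cls, installers[pkg]))
    return findings

if __name__ == "__main__":
    for pkg, cls, src in audit(SAMPLE_SETTING, SAMPLE_PM):
        print(f"REVIEW: {pkg}{cls} has accessibility access, installer={src}")
```

A finding is a prompt for review rather than proof of infection, since legitimate sideloaded apps can also hold accessibility access.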

Published: 02/05/2020