The infamous Lucy ransomware has appeared again to prey on users. This time, it threatens Android users with a notice seemingly from the FBI.
Researchers from Check Point have reported that Lucy ransomware is back in action. This time, it targets Android users while impersonating the FBI.
As explained in a recent post, Lucy first caught the attention of Check Point back in 2018. Now, after two years, the ransomware, which serves as malware-as-a-service (MaaS), is back with improvised capabilities to target Android devices.
Briefly, the malware is spreading mainly through social media links and instant messaging apps. The researchers found at least 80 different samples carrying this Lucy variant.
Upon entering the target device, the malware tricks the user into granting it access to the Android Accessibility Service. As stated in the post,
This then lets the malware take control of the smartphone’s screen and WiFi, keeping both ‘On’.
After that, Lucy starts encrypting all files. Once verified, it displays the ransom note via the device’s browser, which appears as a notice from the US FBI. This notice may suffice to scare the victim into paying the ransom, which, to them, seems to be a fine for cybercrime.
Below is a copy of the ransom note.
The malware also performs other activities on the device. Its capabilities include making calls to the C&C server number, sending a list of all installed apps to the C&C, and, most peculiar of all, displaying a message to the victim regarding a failed payment.