Check Point Software: 'Black Rose Lucy' botnet threatens Android devices
By Chong Jinn Xiung September 28, 2018
- Threat actors are offering MaaS botnet as a service to other hackers
- Keep devices updated and be wary of apps that ask for too much permission
RESEARCH by Check Point Software shows that the latest Malware-as-a-Service (MaaS) Botnet nicknamed “Black Rose Lucy” is targeting and infecting Android smartphones and tablets.
Black Rose Lucy, is said to have been developed by a Russian-speaking team that has already conducted various demonstrations to clients. Though it is in its early stages of development, Check Point Software believes that it could be a new cyber swiss army knife that hacker groups can use to orchestrate a wide range of attacks.
Check Point Software Technologies Ltd cyber analyst Feixiang He describes "Black Rose Lucy" as a malware bundle, with "Black Rose" the Android malware, and "Lucy" the remote control web dashboard.
“From the team's research, it would appear that the primary objective of the hackers (nicknamed "Lucy Gang") is to do small-scale infections, prove the MaaS' capabilities to potential buyers, then sell to other hackers as a "service". The gang does not seem to pursue large-scale infections at the moment,” he said.
The report states that the modern Android system’s accessibility service is the Achilles heel in the system’s defence. Once a victim is tricked into enabling accessibility service for the malware, an APK file installation and self-protection setup will go up without their consent.
According to Check Point Software, the malware can turn an infected phone into a spy device, recording important meetings and leaking sensitive data to hacker-controlled servers. It can also make victims' phones mine cryptocurrencies for hackers. It may command infected devices to perform clicks on online or mobile advertisements to generate revenue for hackers as well.
Although there have been no recorded attacks occurring in Southeast Asia, He believes that once the hackers prove the MaaS’ capabilities to its buyers, it will be sold as a service to other hackers who want to commit crimes across multiple countries.
As to how users can prevent their Android phones from being hacked and taken over, he advises users to keep their devices updated. Everything from the operating system to the apps that they use.
“Users should download applications only from trusted sources. When an application requests sensitive permissions (e.g. accessibility and device admin privileges), be wary. If applications request too many unrelated permissions, users can consider alternatives with similar features,” he said.
In addition, users should consider installing security tools, since relying on human users alone will not be adequate against sophisticated attacks.