This devious Android ransomware pretends to be the FBI

Tricks victims into downloading and installing malware

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

A new form ofransomwareis spoofing emails from the FBI in order to trick victims into downloading malware.

Researchers from Check Point have revealed the malware, known as “Black Rose Lucy”, is targeting Android devices in order to install threats that force users to pay out to unlock their device.

The ransom note goes a step further than typical messages by pretending to be from the FBI, displaying a browser message that accuses the victim of possessing pornographic content on their device.

Black Rose Lucy

Black Rose Lucy

Check Point says that it first detected Black Rose Lucy in September 2018, with the malware thought to have originated in Russia. It disguises itself as a harmless video player application, tricking the user into giving away administrative access to te device.

The malware’s message states that the user’s details have been uploaded to the FBI Cyber Crime Department’s Data Center, accompanied by a list of legal offenses that the user is accused of supposedly committing.

To make the situation “go away” and unencrypt their device, the victim is instructed to pay a $500 “fine”, although in a change to many ransomware scams, the payment needs to be made via credit card, not Bitcoin.

“We are seeing an evolution in mobile ransomware: it’s becoming more sophisticated and efficient," noted Check Point Manager of Mobile Research, Aviran Hazum.

Are you a pro? Subscribe to our newsletter

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

“Threat actors are learning fast, drawing from their experience of past campaigns, and the impersonation of a message from the FBI is a clear scare tactic. Sooner or later, we anticipate the mobile world will experience a major destructive ransomware attack. It’s a scary but very real possibility, and we urge everyone to think twice before clicking on anything to accept or enable functions while browsing videos on social media.”

Check Point recommends that users should install a security solution on their devices and only use official app stores in order to stay safe from such threats, as well as keeping their device’s OS and apps up to date at all times.

Mike Moore is Deputy Editor at TechRadar Pro. He has worked as a B2B and B2C tech journalist for nearly a decade, including at one of the UK’s leading national newspapers and fellow Future title ITProPortal, and when he’s not keeping track of all the latest enterprise and workplace trends, can most likely be found watching, following or taking part in some kind of sport.

This new phishing strategy utilizes GitHub comments to distribute malware

Should your VPN always be on?

Samsung plans record-breaking 400-layer NAND chip that could be key to breaking 200TB barrier for ultra large capacity AI hyperscaler SSDs