Light Dark
September 28, 2018 By Wylie Wong 2 min read

Security researchers discovered an emerging malware-as-a-service threat that would allow cybercriminals to infect Android phones with malicious software and block users from running security solutions on their devices.

The offering, called Black Rose Lucy, has a dashboard that shows simulated victims in France, Israel and Turkey. This led researchers at Check Point Research to conclude that the Russian-speaking developers have likely run demos for prospective cybercrime groups that are interested in attacking targets in those countries. China is another likely target because it is the largest market for Android devices.

“Given time it could easily become a new cyber Swiss Army Knife that enables worldwide hacker groups to orchestrate a wide range of attacks,” the researchers warned in a threat report dated Sept. 13.

Malware-as-a-service is very much like any traditional cloud service, but instead of subscribing to a harmless application in the cloud, cyberthieves can subscribe to black-market malware services that provide them with all the tools they need to execute attacks.

How Black Rose Lucy Works

Black Rose Lucy has two main components:

  1. Lucy Loader, a dashboard that allows users to control an entire botnet of victim devices and deploy additional malware payloads.
  2. Black Rose Dropper, which targets Android phones, collects victim device data and can install extra malware from a remote command-and-control (C&C) server.

To infect phones, the dropper prompts victims to enable the Android accessibility service for an application called Security of the System, which is actually the dropper, according to Check Point Research. When enabled, Black Rose Lucy can grant itself device administrative privileges. When it receives Android Package Kit (APK) files from the C&C server, it installs the files by simulating user clicks.

Black Rose Lucy also has self-protection features. If popular security solutions or system cleaners are launched, it simulates a user click to the “back” or “home” button to exit the tools. The dropper also blocks users from performing a factory reset.

The researchers noted that Black Rose Lucy is likely designed to target China because its dropper pays attention to Chinese security and system tool applications.

How to Protect Your Network From Malware-as-a-Service Threats

The threat alert issued on the IBM X-Force Exchange advised IT organizations to update their antivirus software, apply the latest patches to all applications and operating systems, and monitor their environments for indicators of compromise (IoCs).

Security experts also recommend conducting hands-on security awareness training that includes immersive simulations and promotes organizationwide security buy-in from the top down.

 |  |  |  |  |  |  | 
Wylie Wong

More from

December 18, 2024

Cloud Threat Landscape Report: AI-generated attacks low for the cloud

2 min read - For the last couple of years, a lot of attention has been placed on the evolutionary state of artificial intelligence (AI) technology and its impact on cybersecurity. In many industries, the risks associated with AI-generated attacks are still present and concerning, especially with the global average of data breach costs increasing by 10% from last year.However, according to the most recent Cloud Threat Landscape Report released by IBM’s X-Force team, the near-term threat of an AI-generated attack targeting cloud computing…

December 17, 2024

Testing the limits of generative AI: How red teaming exposes vulnerabilities in AI models

4 min read - With generative artificial intelligence (gen AI) on the frontlines of information security, red teams play an essential role in identifying vulnerabilities that others can overlook.With the average cost of a data breach reaching an all-time high of $4.88 million in 2024, businesses need to know exactly where their vulnerabilities lie. Given the remarkable pace at which they’re adopting gen AI, there’s a good chance that some of those vulnerabilities lie in AI models themselves — or the data used to…

December 16, 2024

FBI, CISA issue warning for cross Apple-Android texting

3 min read - CISA and the FBI recently released a joint statement that the People's Republic of China (PRC) is targeting commercial telecommunications infrastructure as part of a significant cyber espionage campaign. As a result, the agencies released a joint guide, Enhanced Visibility and Hardening Guidance for Communications Infrastructure, with best practices organizations and agencies should adopt to protect against this espionage threat. According to the statement, PRC-affiliated actors compromised networks at multiple telecommunication companies. They stole customer call records data as well…

Topic updates

 Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today
© 2024 IBM Contact Privacy Terms of use Accessibility Cookie Preferences
Sponsored by si-icon-eightbarfeature