ASEF

Android: Malware has DEVIOUS way to stay on Phone

ANDROID smartphone users have been put on alert about a terrifying malware which uses devious means to stay installed on a Google smartphone.


Android fans are being warned about a new strain of malware which can infect your Google device without you even knowing.

Android is one of the most used pieces of software in the world, with more than two billion active devices running Google’s mobile OS each month. Now Android users have been warned about a recently discovered malware strain that targets Google’s widely used mobile operating system.

Security researchers are warning about the “swiss army knife” piece of malware which is being offered to cyber criminals – for the right price.

Check Point in a post online outlined the threat from Black Rose Lucy – a botnet developed by Russian-speaking cryptohackers dubbed ‘The Lucy Gang’.

Demonstrations of this cyber security threat have already been showcased by cyber mercenaries offering Malware-as-a-Service (MaaS).

This is when those looking to launch a malware campaign, but who lack the necessary skills, hire hackers capable of carrying out such an attack. Black Rose Lucy appears to have been developed specifically to compromise devices running the Android operating system.

If Android users haven’t rooted (“jailbroken”) their device, Android’s security model requires them to give explicit consent before an app can use sensitive functions.

But Black Rose Lucy tricks Android users into allowing this by displaying an alleged “critical system failure” error soon after being installed.

Users are asked to enable a security option “in order to continue the correct operation of the device”.

But all this does is grant the botnet device-admin privilege, the ability to draw windows on top of other applications, and permission to ignore battery optimization.

Check Point stated: “Because the Android accessibility service can mimic a user’s on-screen click, this is the crucial element in order for Black Rose to carry out malicious activities.

“When receiving APK files from the C2 server, Black Rose conducts installations by the same technique, going through installation steps by simulating user clicks.”

Check Point went on to say that the botnet uses the ‘Black Rose Dropper’ – which is a malware payload targeted at Android devices.

This can harvest victim data and install malware payloads issued by the command-and-control server.

Check Point also said that the malware uses devious means to stay installed on Android devices.

They stated: “Black Rose actively checks to see if popular free security tools or system cleaners are launched or not.”

“Once it finds one, Black Rose will simulate a user click on the ‘back’ button or ‘home’ button, hoping to exit those tools or at least stop the victim from using them.”

“Compared to using super user privilege to kill other apps at the process level, we find this approach to be much quieter and requiring simpler code implementation. Besides preventing security tools, Black Rose also blocks victims’ ability to use factory reset on their devices.”

“Whenever victims try to open the factory reset menu in settings, Black Rose quickly presses the ‘home’ and ‘back’ button.”
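Both the click-simulation described earlier and the back/home evasion above rest on the same thing: the victim has enabled the malware’s accessibility service. Android records every enabled accessibility service in the Secure setting `enabled_accessibility_services`, a colon-separated list of `package/class` component names that can be read from a connected device with `adb shell settings get secure enabled_accessibility_services`. The script below is an added example (not code from the article or from Check Point) that compares that list against an allowlist of packages expected to provide accessibility features and reports anything else. The allowlist contents, the sample setting value and the package names in it are constructed for illustration.

```shell
#!/bin/sh
# Added example, not code from the article or from Check Point: a small triage
# helper for the accessibility-service abuse described above.
#
# Android stores enabled accessibility services in the Secure setting
# "enabled_accessibility_services" as a colon-separated list of component
# names (package/class).  On a connected device read it with:
#   adb shell settings get secure enabled_accessibility_services
# An unset value comes back as the string "null".

# Packages expected to run accessibility services on this fleet
# (constructed example values: TalkBack and Switch Access).
ALLOWED_PACKAGES="com.google.android.marvin.talkback com.android.switchaccess"

# Constructed sample setting value: TalkBack plus an unknown "system cleaner"
# style app whose service the user was talked into enabling.
SAMPLE_SETTING='com.google.android.marvin.talkback/com.google.android.marvin.talkback.TalkBackService:com.example.systemcleaner/.HelperService'

# flag_unexpected_a11y SETTING_VALUE
# Prints one line per enabled accessibility service whose package is not in
# ALLOWED_PACKAGES; prints nothing when every service is allowlisted.
flag_unexpected_a11y() {
    setting="$1"
    # "null" (unset) or empty means no accessibility service is enabled.
    [ -n "$setting" ] && [ "$setting" != "null" ] || return 0
    # Trailing newline so the read loop also sees the last component.
    printf '%s\n' "$setting" | tr ':' '\n' | while IFS= read -r component; do
        [ -n "$component" ] || continue
        pkg="${component%%/*}"               # package part of package/class
        case " $ALLOWED_PACKAGES " in
            *" $pkg "*) ;;                   # expected accessibility provider
            *) printf '%s\n' "$component" ;; # unexpected: surface for review
        esac
    done
}

# count_unexpected_a11y SETTING_VALUE
# Exit status 0 when nothing unexpected is enabled, 1 otherwise, so the check
# can gate a larger device-triage script.
count_unexpected_a11y() {
    [ -z "$(flag_unexpected_a11y "$1")" ]
}

# Demo on the constructed sample.  Against a real device, replace
# SAMPLE_SETTING with the output of the adb command above.
echo "Unexpected accessibility services:"
flag_unexpected_a11y "$SAMPLE_SETTING"
```

Any service the script reports is worth a closer look: a legitimate accessibility app will be a known assistive-technology package, while a “cleaner” or “booster” app holding an enabled accessibility service is exactly the position Black Rose Lucy needs to press buttons on the user’s behalf.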

So far Black Rose Lucy has only been found to control 82 devices based in Russia, with infections starting in early August this year.

But Check Point warned: “While it may well still be in the early stages, given time it could easily become a new cyber swiss army knife that enables worldwide hacker groups to orchestrate a wide range of attacks.”
