A new “swiss army knife” botnet originating from Russia has emerged in the Malware-as-a-Service (MaaS) arena, touting Android-based payloads to potential cybercriminal clients. According to researchers from Check Point, the botnet has been developed by a group of Russian-speaking hackers known as “The Lucy Gang,” and demos have already been provided to potential subscribers to the system looking for Malware-as-a-Service (MaaS) solutions. Botnets are a thorn in the side for cybersecurity firms, hosting providers, and everyday businesses alike. The systems are made up of enslaved devices including mobile devices, Internet of Things (IoT) gadgets, and PCs.
These products are then issued commands by a command-and-control (C2) server controlled by the botnet operator to perform a variety of malicious activities, including mass spam email campaigns and distributed denial-of-service (DDoS) campaigns.
This botnet is no different, the security team said in a blog post. However, Black Rose Lucy does appear to be a specialist system for compromising devices operating on Google’s Android operating system.
If Android devices are not jailbroken, security systems in the OS require users to actively give apps consent and permissions to perform sensitive functions or gather user data.
However, the researchers say that Black Rose Lucy takes advantage of the Android accessibility service to dupe victims into granting consent for the service, leading to the installation of malicious APK files.
Submitted by: Arnfried Walbrecht