A threat actor focusing on Android systems has expanded their malware-as-a-service (MaaS) business with file-encrypting capabilities for ransomware operations. The actor is a Russian-speaking team that made itself known two years ago with the Black Rose Lucy service, offering botnet and malware dropping capabilities for Android devices. The new feature allows customers of the service to encrypt files on infected devices and show a ransom note in the browser asking for $500. The message purports to be from the FBI and accuses the victim of storing adult content on the mobile device.
Source: https://www.bleepingcomputer.com/news/security/lucy-malware-for-android-adds-file-encryption-for-ransomware-ops/