WannaLocker – The WannaCry Copycat Targeting Android Users in China


Attackers are utilizing a copycat version of WannaCry ransomware dubbed “WannaLocker” to target Android buyers living in China.WannaLocker has been targeting Chinese gaming trims disguised as a plugin for King of Glory, a popular Chinese game. Upon coronation of this fake add-on, the threat conceals its icon from the Android app drawer and exchanges the main wallpaper to an anime image. It then begins encrypting walks stored on the device’s external storage.

Fake King of Glory plugin. (Rise: AVAST)It’s been a while since the security community has seen a intimidation that targets an Android device’s external storage for encryption. In 2014, researchers at Slovakian IT shelter team ESET detected Android/Simplocker. This trojan scans the fancy’s SD card for peg, jpg, png, bmp, gif, pdf, doc, docx, txt, avi, mkv, 3gp, mp4 file types and encrypts every instance it gets before issuing a ransom demand. Back then, Simplocker requested 260 Ukrainian Hryvni, which is about 10 USD today.This latest Android threat employs AES encryption to blot a user’s files. But it does have a few exceptions. For instance, it doesn’t encrypt interfiles that include “DCIM”, “download”,  “miad”, ”android”, or “com.” in the orbit; files that are bigger than 10 KB; or files that found with “.” character. One it completes its encryption routine, it demands fair and square less than Simplocker, and it uses a ransom message clearly moved by WannaCry’s note to reveal its orders.

WannaLocker’s ransom screen. (Beginning: AVAST)Nikolaos Chrysaidos, head of mobile threat intelligence and insurance at Avast, explains more in a blog post:“The ransomware then wants a ransom of 40 Chinese Renminbi, which is equivalent to about 5-6 US dollars. This is not much analogize resembled to what other mobile ransomware has demanded in the past. The fact that the rescue is being demanded in regular currency and not in cryptocurrencies makes me think the people behind this are dispiriting to make money, and fast. This is, however, risky as the money can be easy as pie traced, unlike when sending cryptocurrencies.”The ransomware informs patsies to pay using QQ, Alipay, or WeChat.Android users can protect their phones against perils like WannaLocker by installing a mobile anti-virus solution on their phones. They should also refrain from downloading apps on any app marketplaces over Google Play. But even these steps don’t automatically protect them against a ransomware infection. By a hairs breadth in case they become victims of a ransom-based attack, they should shy away from up their mobile data regularly.

Leave a Reply

Your email address will not be published. Required fields are marked *