Privacy News Wannacry wannabe copycat ransomware hits android

[cyberfort]

Cybercriminals are using a copycat version of WannaCry ransomware to target Android users in China.

Avast is now detecting mobile ransomware, which we will refer to as “WannaLocker” from now on. The ransomware is targeting Chinese Android users. WannaLocker’s ransom message screen may look familiar to you and that’s because it looks just like the WannaCry ransomware screen

The mobile ransomware has been spreading on Chinese game forums, imitating a plugin for the popular Chinese game King of Glory (王者荣耀), which is how victims are being tricked into downloading the ransomware.

the files are encrypted using AES encryption. It only encrypts files whose names don’t begin with a “.” and does not encrypt files that include "DCIM", "download", "miad", ”android" and "com." in the path or files that are bigger than 10 KB.

The ransom can be paid using the Chinese payment methods QQ, Alipay and WeChat

Victims can scan QR codes to pay the ransom

The ransomware was first reported by Chinese security company, Qihoo 360.

Hashes:
36f40d5a11d886a2280c57859cd5f22de2d78c87dcdb52ea601089745eeee494
200d8f98c326fc65f3a11dc5ff1951051c12991cc0996273eeb9b71b27bc294d

 

[ravi prakash saini]

as if desktop version was not enough

 

[Winter Soldier]

The mobile ransomware has been spreading on Chinese game forums, imitating a plugin for the popular Chinese game King of Glory (王者荣耀), which is how victims are being tricked into downloading the ransomware.

Social engineering as the first attack's vector.

 

[Aleeyen]

No OS can be safe now. That's why whatever OS we are using we always need protective services.

 

[cyberfort]

No OS can be safe now. That's why whatever OS we are using we always need protective services.

Yes true for sure..

But i have analyzed one thing
Famous platforms are more prone to attack
Then the non famous one

Famous : windows, android

Attackers want to infect more number of people so.. They prefer famous OS

 

[jamescv7]

There is no more full proof OS, the source codes/kits to produce like ransomware were available in any environment; ready to deploy anytime.

So of course if you have basic knowledge in such things about prevention then you will not fall in such common trap.

 

[hirudora56]

Another reason it is spreading in china is absence of playstore. In china, Android devices uses many third party dependencies which are sometimes poorly regulated.

 

[S3cur1ty 3nthu5145t]

The mobile ransomware has been spreading on Chinese game forums, imitating a plugin for the popular Chinese game King of Glory (王者荣耀), which is how victims are being tricked into downloading the ransomware.

Key word here is "Tricked", another opportunity to stir the fear. Do not use Unknown sources, only download from the Play store, vet what you are downloading from the play store before doing so, and you shall be just fine.

 

[tryfon]

We really don't need this on our phones as well...