WannaLocker ransomware found combined with RAT and banking trojan

silversurfer

Researchers are warning that a new version of WannaLocker – essentially a mobile derivative of WannaCry ransomware – has been enhanced with spyware, remote access trojan and banking trojan capabilities.

Cybercriminals have been using the all-in-one malware package in a campaign targeting Brazilian banks and their Android mobile customers, according to a July 1 blog post from Avast.

Avast threat researcher Nikolaos Chrysaidos, who discovered the malware, reported via his Twitter account that this new WannaLocker version appears to be a trifecta of the WannaLocker ransomware user interface, the AhMyth RAT program and custom banking malware. (French security researcher Elliot Alderson replied to Chrysaidos’s tweets, identifying the ransomware as SLocker – to which Chrysaidos responded, “Yeah, it’s the same [thing].”)

“We believe this is the first sighting of this new mobile version of WannaLocker,” said Chrysaidos, as quoted by his company’s blog post. “It harvests text information, call logs, phone number and credit card information, and if it takes off it could be a very serious issue.”

The likely attack vectors in this campaign are malicious links or third-party app stores, Avast reports.

“The banking Trojan works by showing users a fake interface and urging them to address an issue with their account by signing in,” Avast’s blog post states. “When they do, the malware collects a wide range of data, including the mobile manufacturer and other hardware information, call log, text messages, phone number, photos from front and back camera, contact list, GPS location and microphone audio data.”
 
