WannaCry wannabe on Android? There is a WannaCry copycat trying to encrypt the files on your Android device

Recently, a new malicious app mimicking WannaCry was discovered in the wild. Here is what you need to know about this ransomware targeting Android devices.

What is WannaCry?

By now, we all know what WannaCry is. If you are out of the loop and have no idea what WannaCry is, let me explain it in simple terms. WannaCry is a malicious program that encrypts all your files and demands payment before you can access (decrypt) them again. It propagates automatically and encrypts everything that it finds on your computer. For more information, head here.

Who is this wannabe?

Recently, Avast published an article about a WannaCry wannabe in circulation that targets Android users. Avast named this copycat WannaLocker. The ransomware is spreading on Chinese game forums, disguised as a plugin for the game King of Glory (王者荣耀).

WannaLocker: King of Glory disguise (courtesy of Avast.com)

WannaLocker: Application view (courtesy of Avast.com)

What does it do?

Similar to WannaCry, WannaLocker encrypts every file found in your device. However, due to the limitations found in Android, this copycat has some weird implementations. Here’s its behavior as noticed by Avast:

  • The ransomware will hide itself from the application drawer after installation
  • It will immediately change the wallpaper to an Anime wallpaper
  • The app will only encrypt files found in the External Storage (SD card)
  • It does not encrypt files with names that begin with a dot (“.”) or files that include “DCIM”, “download”, “miad”, “android”, and “com”
  • It avoids encrypting files that are smaller than 10KB
  • The app has no capability to self-propagate
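
For incident scoping or backup planning, the selection rules in the list above can be applied to a file listing pulled from a device's external storage to see which files fall inside the reported criteria. This is an added example, not code from Avast or from the malware; it assumes the substrings are matched case-insensitively against the full path and that 10KB means 10 * 1024 bytes, and the sample listing is constructed.

```python
"""Triage an external-storage listing against WannaLocker's reported file criteria."""
from pathlib import PurePosixPath

# Substrings Avast reported as excluded from encryption (see the list above).
SKIP_SUBSTRINGS = ("dcim", "download", "miad", "android", "com")
MIN_SIZE = 10 * 1024  # assumption: "10KB" means 10 * 1024 bytes


def skip_reason(path, size):
    """Return why a file would be left alone, or None if it is at risk."""
    if PurePosixPath(path).name.startswith("."):
        return "dotfile"
    lowered = path.lower()  # assumption: case-insensitive match on the full path
    for marker in SKIP_SUBSTRINGS:
        if marker in lowered:
            return f"path contains '{marker}'"
    if size < MIN_SIZE:
        return "smaller than 10KB"
    return None


def scope(listing):
    """Split (path, size) pairs into at-risk paths and skipped paths with reasons."""
    at_risk, skipped = [], {}
    for path, size in listing:
        reason = skip_reason(path, size)
        if reason is None:
            at_risk.append(path)
        else:
            skipped[path] = reason
    return at_risk, skipped


# Constructed sample listing: (path, size in bytes).
SAMPLE = [
    ("/sdcard/DCIM/Camera/IMG_0001.jpg", 2_400_000),
    ("/sdcard/Download/report.pdf", 350_000),
    ("/sdcard/Documents/thesis.docx", 820_000),
    ("/sdcard/Documents/.nomedia", 0),
    ("/sdcard/Music/track01.mp3", 5_100_000),
    ("/sdcard/Notes/todo.txt", 900),
    ("/sdcard/Android/data/com.example.app/cache.bin", 64_000),
    ("/sdcard/Backups/company_contacts.vcf", 48_000),
]

if __name__ == "__main__":
    at_risk, skipped = scope(SAMPLE)
    print("Restore from backup / verify first:")
    for p in at_risk:
        print("  ", p)
    for p, why in skipped.items():
        print(f"Likely untouched ({why}): {p}")
```

Under these assumptions the camera roll and downloads stay outside the criteria, while documents and music are the files to check against backups first.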

How is the ransom paid?

Victims of this application can pay the ransom via Chinese payment methods such as QQ, Alipay, and WeChat.

WannaLocker: Payment methods (courtesy of Avast.com)

What can I do about it?

How can we prevent it from infecting our devices?

  • Keep yourself safe. Do not install .apk files from malicious sources.
  • Install applications using the Google Play Store only.
  • Read the app permissions before installing an .apk. The app permissions will give you a hint about what it can do to your device.
  • Finally, review and understand why an app requests a particular permission at runtime (Android 6.0 – Marshmallow and above).

Android: Application permissions (courtesy of drippler.com)

Android: Runtime permissions (courtesy of androidhive.info)

And that’s all you need to know about WannaLocker. Keep safe everyone!


Source
