Hackers are using a copycat version of WannaCry ransomware named “WannaLocker” to target Android users in China. Disguised as a plugin for King of Glory, a well-known Chinese game, it infects local gaming apps. Upon installation of this counterfeit add-on, the threat hides its icon from the Android app drawer and changes the main wallpaper to an anime image. It then begins encrypting files stored on the device’s external storage.
This latest Android threat employs AES encryption to ruin a user’s files. However, it does have some exceptions. For example, it does not encrypt files that include “DCIM”, “download”, “miad”, “android”, or “com.” in the path; files that are bigger than 10 KB; or files that begin with “.” character. Once it completes its encryption routine, it demands a ransom, and uses a WannaCry-esque message to display its orders.
Mauritian Computer Emergency Response Team (CERT-MU)
National Computer Board
7th Floor, Stratton Court
La Poudriere Street