Skip Ribbon Commands
Skip to main content
Computer Emergency Response Team of Mauritius (CERT-MU)
Computer Emergency Response Team of Mauritius>WannaLocker – The WannaCry Copycat Targeting Android Users in China

WannaLocker – The WannaCry Copycat Targeting Android Users in China

Hackers are using a copycat version of WannaCry ransomware named “WannaLocker” to target Android users in China. Disguised as a plugin for King of Glory, a well-known Chinese game, it infects local gaming apps. Upon installation of this counterfeit add-on, the threat hides its icon from the Android app drawer and changes the main wallpaper to an anime image. It then begins encrypting files stored on the device’s external storage.
This latest Android threat employs AES encryption to ruin a user’s files. However, it does have some exceptions. For example, it does not encrypt files that include “DCIM”, “download”,  “miad”, “android”, or “com.” in the path; files that are bigger than 10 KB; or files that begin with “.” character. Once it completes its encryption routine, it demands a ransom, and uses a WannaCry-esque message to display its orders.
SC Magazine
Postal address
Mauritian Computer Emergency Response Team (CERT-MU)
National Computer Board
7th Floor, Stratton Court
La Poudriere Street
Port Louis