WannaCry lookalike ransomware hits Android devices

Android Cloak and Dagger exploit


A new ransomware spreading as an app via Chinese gaming forums has been surfaced on Android. Named WannaLocker, the ransomware makes users believe that they have been infected by the recently reported WannaCry.

According to researchers at Qihoo 360, the suspicious app tries to pass the ransomware as a plugin for King of Glory game. The ransomware asks for 40 Chinese Renminbi ($6) via payment gateways like Alipay, QQ and WeChat. It is quite surprising because most cybercriminals use cryptocurrencies like Bitcoin to ensure anonymity.

The researchers revealed that the WannaCry lookalike malware encrypt all files on the targeted device with AES encryption. The suffix of these encrypted files gets a combination of Chinese and Latin characters. It is relatively easier to figure out the affected devices by looking for Chinese characters in file names.

Encrypts minimal files

However, it is worth noting that the ransomware only targets the files under 10KB of size on an Android device. The encrypted files are stored in default folders such as “Android, COM, DCIM and Downloads. Further, the ransomware is capable of encrypting files stored on the external memory of the Android device.

Google is yet to release an update regarding the latest ransomware attack. However, users are advised to avoid installation of apps from unknown sources and prefer Google Play to protect their devices.


Please enter your comment!
Please enter your name here