WannaLocker evolves to include spyware and banking trojan capabilities

• Cybercriminals have been found using this all-in-one malware to target Brazilian banks and their customers.
• The WannaLocker ransomware was originally designed in 2017 to target Chinese Android device users via gaming forums.

WannaLocker - a mobile derivative of WannaCry ransomware - has been enhanced with spyware, RAT, and banking trojan capabilities. Cybercriminals have been found using this all-in-one malware to target Brazilian banks and their customers.

What are the capabilities?

Discovered by Nikolaos Chrysaidos, a threat researcher at Avast, this triple-threat mobile version is targeting four major banks in Brazil.

The new version of WannaCry is one nasty ransomware package that is capable of:

• Harvesting text information;
• Stealing call logs, phone numbers, GPS location and microphone audio data; and
• Grabbing credit card information.

How does it work?

Although it is unknown as to how this new version of the ransomware gets into phones, but Chrysaidos suspects that it could be through malicious links or third-party stores.

Once installed, the malware encrypts the files on a mobile user’s external storage and demands a relatively small ransom to release them.

“This version includes the design to do this and the message to show to the infected user, but appears to still be in development,” Chrysaidos said in a blog post.

The bottom line

The WannaLocker ransomware was originally designed in 2017 to target Chinese Android device users via gaming forums. However, with its latest evolution, the ransomware can pose a serious threat for banking and retail sectors.