Avast Blog Threat Reseach: New triple-threat mobile version of the malware WannaLocke

[harlan4096]

Avast threat researcher Nikolaos Chrysaidos tracks new version of malware that combines spyware, remote-access-Trojan malware, and banking Trojan malware

A new, three-pronged version of the ransomware known as the mobile WannaCry is targeting four major banks in Brazil, Avast threat researcher Nikolaos Chrysaidos has found.

This is a new version of WannaLocker, the WannaCry copycat for mobile, which bundles spyware, remote-access-Trojan (RAT) malware, and banking Trojan malware in one nasty ransomware package, according to Chrysaidos’ findings.

“We believe this is the first sighting of this new mobile version of WannaLocker” said Chrysaidos, a researcher who previously tracked banking Trojans on the Google Play store. “It harvests text information, call logs, phone number, and credit card information, and if it takes off it could be a very serious issue.”

WannaCry, a 2017 ransomware outbreak that swept the globe, was one of the decade’s worst cybersecurity threats.

Chrysaidos (pictured) said researchers don’t know how this new version of WannaLocker initially gets into phones, but suspects it could be through malicious links or third-party stores.

The banking Trojan works by showing users a fake interface and urging them to address an issue with their account by signing in. When they do, the malware collects a wide range of data, including the mobile manufacturer and other hardware information, call log, text messages, phone number, photos from front and back camera, contact list, GPS location, and microphone audio data. WannaLocker strains normally encrypt files on a mobile user’s external storage and demand a relatively small payment to release them. This version includes the design to do this and the message to show to the infected user, but appears to still be in development, Chrysaidos said.

Continue Reading