Home Articles How WannaLocker has Transformed to Banking Trojan, Spyware & Ransomware

How WannaLocker has Transformed to Banking Trojan, Spyware & Ransomware


WannaLocker has evolved into a deadly malware by acquiring the capabilities of spyware and banking trojan. Read on to know more…

The WannaLocker ransomware was originally designed in 2017 to target Chinese Android device users via gaming forums. The latest variant of WannaLocker is a banking Trojan, spyware tool, and ransomware. Researchers at Avast this week reported observing a new version of the malware that combines WannaCry’s user interface with new spyware, a banking Trojan, and remote administration functions.

The new variant of WannaLocker was discovered by Nikolaos Chrysaidos, a threat researcher at Avast.

WannaLocker – a mobile derivative of WannaCry ransomware – has been enhanced with spyware, RAT, and banking trojan capabilities. Cybercriminals have been found using this all-in-one malware to target Brazilian banks and their customers. The triple-threat mobile version of WannaLocker has targeted four major banks in Brazil.

The new version of WannaCry is one deadly ransomware package that is capable of harvesting text information, stealing call logs, phone numbers, GPS location, microphone audio data and grabbing credit card information.

“We believe this is the first sighting of this new mobile version of WannaLocker,” said Nikolaos Chrysaidos, who heads Avast’s mobile threat and security. “It harvests text information, call logs, phone number, and credit card information, and if it takes off it could be a very serious issue.” MSSPs will want to keep an eye out for this bug for sure.

The latest evolution WannaLocker ransomware can pose a serious threat for banking and retail sectors.

Working Mechanism
Although it is unknown as to how this new version of WannaLocker gets into phones, Chrysaidos suspects that it could be through malicious links or third-party stores.

The latest version of WannaLocker works by presenting users of the four targeted bank apps with a fake message urging them to sign into their accounts to address some account-related issue.

Once installed, the malware collects a variety of information including the name of the device manufacturer and other hardware information, the phone number, text messages, call log, photos, contact list, microphone audio data, and GPS location information. Then the malware encrypts the files on a mobile user’s external storage and demands a relatively small ransom to release them.

“This version includes the design to do this and the message to show to the infected user, but appears to still be in development,” Chrysaidos said in a blog post.

Android users should ensure they are on the most up-to-date version of the operating system as possible. In addition, even when downloading apps from Google’s official store, users should make sure to check the number of downloads the app has and pay special attention to negative reviews.

According to Avast, the following are some of the basic security steps to guard against banking trojans:

• Confirm that the banking app you are using is the official and verified version from Google Play or Apple Store.
• If anything looks awry or suddenly unfamiliar, clarify the same with your bank’s customer service team.
• If available, use two-factor authentication.
• Make sure you have a strong AI-powered mobile antivirus installed to detect and block this kind of tricky malware if it ever makes its way onto your mobile system.


Please enter your comment!
Please enter your name here

9 + 1 =