By CagedTech in Malware

With the growing popularity of Android devices, cybercriminals have been pumping out an increasing amount of malware dedicated to targeting machines running the Android OS. The WannaLocker Ransomware is a ransomware threat that targets Android devices specifically. The authors of the WannaLocker Trojan have copied the interface of the infamous WannaCryptor Ransomware – the ransomware threat that made headlines all around the world in 2017. The interface appears to be the only aspect that the cyber crooks responsible for the WannaLocker threat have borrowed, which is fortunate for the victims, as the WannaCryptor Ransomware is an extremely threatening, high-end project.

Ever since releasing the WannaLocker Trojan, its authors have not been idle. They have updated their threat and renamed it to WannaHydra. The name seems to refer to the Hydra, the many-headed serpent of Greek mythology, as the threat sports three different features:

  • A file-locker.
  • A spyware tool capable of extracting phone data.
  • A banking Trojan meant to collect login credentials from popular online bank portals.

So far, malware experts have only spotted campaigns employing the WannaHydra Trojan in Brazil. Some speculate that this is just the attackers’ testing ground, as this does not appear to be the final variant of the WannaHydra and this threat has the potential to be weaponized further. It is likely that the attackers will expand their reach in the future.

The WannaHydra threat can serve as an excellent monitoring tool. It is able to get access to the victim’s images, contacts and text messages. Furthermore, this Trojan can also enable the microphone on the compromised device and record audio, as well as track the victim’s GPS location. Also, the WannaHydra malware will siphon information about both the hardware and software of the infiltrated device to the attackers’ server. The WannaHydra Trojan is capable of detecting whether the victim is a customer of a popular bank in Brazil and can then trick them into entering their credentials in a bogus login prompt under the pretext that there is an issue with the security of their account. If the user falls for this trickery and fills in their login credentials, the data will be forwarded to the server of the cyber crooks operating the WannaHydra. Despite using the WannaCryptor Ransomware’s interface, the authors of the WannaHydra Trojan have not yet enabled their creation to operate as a ransomware threat.

Smartphone users tend to overlook cybersecurity. Android users should start upping their game when it comes to securing their devices because the Android infrastructure is much more decentralized compared to the iOS one, which also makes it less secure. Be very wary of which applications you allow on your device and keep a close eye on the permissions each application requests.

