Researchers at Avast discovered a new WannaLocker variant “WannaHydra” which uses the WannaCry user interface and acts as spyware, which is a banking Trojan, and has remote administration functions and the ability to encrypt files on the infected device’s external storage. It is currently targeting Android devices of customers of major banks in Brazil. The attack vector is likely malicious links or apps in third-party app stores. After the malware’s installation, it sends a fake alert to the user requesting them to log into their bank account. If their credentials are entered, the information is sent to the attackers. Once on a device, the malware can also collect information such as the name of the manufacturer and various hardware data, the phone number, text messages, call log, photos, contacts, audio data, and GPS location information. At the time of this writing, the malware appears to still be in development.

Technical Details and Reporting

  • SC Magazine provides details of WannaHydra in their article.