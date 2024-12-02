The ransomware was spotted by Qihoo 360 researchers, and fraudsters are spreading this ransomware via Chinese gaming forums in an attempt to scare and trick users into quickly paying the ransom. The malicious app containing the ransomware is disguised as a plugin for the King of Glory, a very popular mobile game in China, according to BleepingComputer.

This WannaCry lookalike for Android devices is asking users to pay the ransom fee of 40 RMB (USD 6) via Chinese payment providers QQ, Alipay, or WeChat.

The ransomware encrypts files and uses AES (Advanced Encryption Standard) encryption to lock them; also, it appends a suffix to all encrypted files consisting of a mixture of Chinese and Latin characters. Because resources are limited on Android devices, the ransomware will only encrypt files under 10KB in size. To avoid ruining and crashing the Android OS, the ransomware does not encrypt files whose names start with a dot, or files located in folders that include ”android, com, DCIM, download, or miad in their file path, the online publication continues.