Android Ransomware Impersonates ‘King Of Glory’ Game

The ransomware encrypts the Android device’s files and then displays a ransom message imitating the notorious WannaCry malware

Hackers have begun distributing Android ransomware disguised as copies of the popular multiplayer online battle game King of Glory, which has millions of users, security researchers have warned.

The malware has prompted “emergency” warnings to be posted on gaming forums and websites in China, security firm Sophos said in an advisory.

Millions of users targeted

“This ransomware was spread via internet gaming forums and downloaded and installed by unsuspecting gamers,” Sophos said in the advisory, without estimating the number who might have been affected.

The malware's ransom note imitates that of WannaCry
The malware’s ransom note imitates that of WannaCry

After installation the malware hides its initial icon and displays one with the title “Lycorisradiata”, referring to the red spider lily.

It changes the home screen to one with a pink background and a cartoon bear and bearing a long string of alphanumeric characters that Sophos said may be an ID related to the malware author.

It encrypts the files on the device and renames them with long and unreadable file extensions, but avoids encrypting system files, so that the device can be used to pay a ransom.

WannaCry imitator

It then displays a ransomware message imitating the one used by the WannaCry malware that caused widespread disruption last month, and prompts the user to make a payment of 20 RMB (£2) using the China-based Wechat, Alipay or QQ payment systems.

“We don’t know why the criminals behind this software copied WannaCry’s interface – perhaps they were just lazy, or maybe they were trying to cash in on its notoriety,” Sophos stated, adding that the malware shares none of WannaCry’s functionality.

The firm advised users to install software only from trusted app stores, to use antivirus software and to apply patches frequently.

Sophos’ warning follows last month’s discovery of an Android malware called Judy thought to have infected up to 36.5 million devices.

Third-party app stores

Android users in China are particularly vulnerable to malware because of the country’s reliance on app stores that as often as not offer little or no screening.

“Many alternative markets are little more than a free-for-all where app creators can upload anything they want, and frequently do,” Sophos said in its advisory.

Unlike Apple’s App Store, Google Play is barred in China, along with most other Google services, including its search engine and mapping tools.

As a result, Google’s centralised online shop generally isn’t pre-installed on Chinese Android devices and is little used in the country, in spite of Android dominating the smartphone platform market there.

Put your knowledge of artificial intelligence (AI) to the test. Try our quiz!