Vishnu Ramineni 0x1bitcrack3r


WannaCry|WannaDecrypt0r NSA-Cyberweapon-Powered Ransomware Worm

  • Virus Name: WannaCrypt, WannaCry, WanaCrypt0r, WCrypt, WCRY
  • Vector: All Windows versions before Windows 10 are vulnerable if not patched for MS17-010. It uses EternalBlue (MS17-010) to propagate.
  • Ransom: between $300 and $600. There is code in the virus to 'rm' (delete) files. Seems to reset if the virus crashes.
  • Backdooring: The worm loops through every RDP session on a system to run the ransomware as that user. It also installs the DOUBLEPULSAR backdoor. It corrupts shadow volumes to make recovery harder. (source: malwarebytes)
  • Kill switch: If the website www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com is up, the virus exits instead of infecting the host. (source: malwarebytes). This domain has been sinkholed, stopping the spread of the worm. The kill switch will not work if proxied (source).

update: A minor variant of the viru

# Build the release version of the Android application and install it on an Android device (React Native applications)
cd android && ./gradlew clean && ./gradlew assembleRelease && cd app/build/outputs/apk/ && adb install app-release.apk && cd ../../../../../

# Build the iOS application (appname.archive => appname.ipa); appname.ipa can be installed on an iOS device
# The trailing && lets the command continue on the next line
xcodebuild -workspace <ProjectName>/<ProjectName>.xcworkspace -scheme <schemeName> clean archive -configuration release -sdk iphoneos -archivePath <ProjectName>.xcarchive &&
xcodebuild -exportArchive -archivePath <ProjectName>.xcarchive -exportOptionsPlist <ProjectName>/exportOptions.plist -exportPath <ProjectName>.ipa

import { NativeModules } from "react-native";
module.exports = NativeModules.OverlayPermissionModule;

<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.overlaypermission">
</manifest>

package com.overlaypermission;
import android.content.Context;
import android.content.Intent;
import android.net.Uri;
import android.os.Build;
import android.provider.Settings;
import androidx.annotation.RequiresApi;

package com.overlaypermission;
import java.util.Arrays;
import java.util.Collections;
import java.util.List;
import com.facebook.react.ReactPackage;
import com.facebook.react.bridge.NativeModule;
import com.facebook.react.bridge.ReactApplicationContext;
import com.facebook.react.uimanager.ViewManager;

"dependencies": {
    "react": "16.0.0-alpha.12",
    "react-native": "0.60.0",
    "rn-android-overlay-permission": "file:../node_modules/rn-android-overlay-permission"
}

{
    "to":<DeviceToken>,
    "data": {
        "type": "incomingcall",
        "callerName":"Alex"
    },
    "priority": "high"
}

<uses-permission android:name="android.permission.WAKE_LOCK" />
<uses-permission android:name="com.google.android.c2dm.permission.RECEIVE" />
<uses-permission android:name="android.permission.FOREGROUND_SERVICE"/>
<uses-permission android:name="android.permission.SYSTEM_ALERT_WINDOW"/>
<permission
    android:name="android.permission.INTERACT_ACROSS_USERS_FULL"
    android:protectionLevel="signature" />

public class FirebaseMessagingService
        extends FirebaseMessagingService {
    private static DeviceEventManagerModule.RCTDeviceEventEmitter eventEmitter = null;
    @Override
    public void onMessageReceived(RemoteMessage remoteMessage) {
        try {
            String notifDataType = remoteMessage.getData().get("type");