We now have a Mobile App that Helps Cybercriminals Develop Unlimited Strains of Android Ransomware.
There was a time when launching malware attack was a daunting task as it required an exceptionally high level of social engineering skills to pull it off. But, today, it is quite easy as there are a number of tools that can help malicious threat actors in achieving their objectives without much effort. One such tool is the ransomware development kit and it is being sold on the internet’s underground marketplace.
The Trojan Development Kit (TDK) is basically an app that doesn’t require the hacker to have coding skills for using it and developing ransomware. Which means even ambitious people with limited skills can create their personal file-locking malware. The kit is downloadable for free from various hacking discussion boards.
TDK app has a user-friendly interface allowing cyber criminals to quickly create their ransomware. Tools for creating ransomware are usually developed for running on laptops or desktops but this particular kit is different as it is being distributed as a mobile app that helps in the development of customized ransomware strains for targeting Android devices.
The kit was identified by Symantec researchers. According to Symantec’s principal threat analysis engineer Dinesh Venkatesan, this is a ‘ready-to-use piece of malware.’ The whole process of creating ransomware is performed on a smartphone without even writing a ‘single line of code,” said Venkatesan.
All the user has to do is follow some instructions of the app and fill out certain forms. When the forms are filled the user needs to click on Create button. This step would initiate communication between the app developer and the user. After paying the demanded one-time fee, the user can distribute the ransomware and make variations.
The created ransomware has the same functionality as the Lockdroid, that is, it locks the device using a system alert error displaying the text to the user in a straightforward manner. The error message content just tells the victim that the device has been locked and in order to regain access, the victim has to pay a certain amount.
The app comes with wide range of customization options as well. Such as the messages that will be displayed in the targeted device’s lock screen, malware’s icon, the key that will unlock the device, animation types that will be displayed on the infected device and the mathematical operations required to randomize codes.
Currently, the TDKs are available at China’s Great Firewall forums and famous Chinese social networking websites, which refers to the fact that it is created for Chinese speaking users. However, researchers believe that modified versions of ransomware in other languages will also be available soon if not already developed.
There are ransomware-as-a-service kits also making their presence felt on the internet and the emergence of DIY kits like the TDKs would eventually make the task of both newcomer and seasoned cyber criminals a lot easier. The kit happens to be a subscription-based service and there is virtually no limit to the number of ransomware strains a subscriber can create after paying the one-time fee.
“Even hardened malware authors could find these easy-to-use kits an efficient alternative to putting the work in themselves. We expect to see an increase in mobile ransomware variants as these development kits become more widespread,” stated Venkatesan.
To stay protected from the latest DIY Android ransomware, users must refrain from downloading apps from unreliable platforms and must create a backup of important data along with regularly updating the system.