The constantly evolving cybercrime-as-a-service (CaaS) community thrives by making available malware-creating and hacking tools to wannabe hackers. Now novice cybercriminals can easily create their own Android ransomware, thanks to new free apps that are essentially TDKs (Trojan Development Kits). These free apps are currently only available in Chinese underground hacking forums.
The free app, discovered by Symantec security researcher Dinesh Venkatesan, is similar to other regular Android apps, with the exception that it allows users, even those with little or no knowledge of coding, to create malware. According to Venkatesan, the app is easy to use and requires users to just fill a form detailing the customisation they want and click a few buttons to create a brand new, fully functional Android ransomware.
"Once all of the information has been filled in, the user hits the 'create' button and, if they haven't already done so, is asked to subscribe to the service. The app allows the user to start an online chat with the app's developer where they can arrange a one-time payment. Once the user has subscribed, they can continue with the process, making as many ransomware variants as they desire," Venkatesan wrote in a blog.
The ransomware strains developed by the app are based on the popular Lockdroid ransomware family, which doesn't actually encrypt files, instead locks users out of their devices with a password that only the hacker knows.
The TDK app also allows users to customise their ransomware in several ways:-
Displays a ransom message in the locked screen
Create a specific icon for the ransomware-laced app
Create animation to be displayed on the locked screen
Create the code required to unlock the device
The TDK app is currently only available for Chinese speakers. However, in the event the app becomes popular, the cybercriminals operating it could change the interface language, which according to Venkatesan, is fairly simple to do. The researcher suggested that the app could soon be made available to wannabe cybercriminals in different languages as well.
"The emergence of easy to use malware development kits such as these lowers the bar for aspiring cyber criminals wanting to enter the ransomware game. Individuals with little technical knowledge can now create their very own customized Android ransomware," Venkatesan said. "However, these apps are not just useful for aspiring and inexperienced cyber criminals as even hardened malware authors could find these easy-to-use kits an efficient alternative to putting the work in themselves. We expect to see an increase in mobile ransomware variants as these development kits become more widespread."