A ransomware development kit that doesn't require any coding skills to use is being sold on underground forums. Now, all a wannabe cybercriminal needs to build their own file-locking malware is an Android phone.
Downloadable from hacking discussion boards for free, the Trojan Development Kit (TDK) app comes with an easy to use interface that allows criminals to quickly create their own ransomware, according to the researchers who recently spotted the appearance of this particular DIY ransomware kit.
"The entire process of creating a ready-to-use piece of malware is done on a smartphone without any requirement to write a single line of code," said Dinesh Venkatesan, principal threat analysis engineer at Symantec.
The app allows for the creation of malware by following simple instructions and filling out forms, with a variety of customisation options available to the budding cybercriminal.
These include the message to be displayed on the infected device's lock screen, the key used to unlock the device, the icon used by the malware, the mathematical operations to randomise the code, and the type of animation to be displayed on the infected device.
Once all of the forms are filled out, the user can hit the 'create' button, initiating a conversation with the app developer to pay a one-off fee. Once that's paid, users are free to distribute the ransomware and make as many variants as they like in future.
Ransomware created by the app follows the Lockdroid behaviour, locking the device using a system alert window and simply displaying text to the user, telling them their phone is locked and that they must pay to regain access. While Android ransomware is far less common than Windows ransomware, the market for it is growing.
All of the Trojan Development Kits seen so far have been aimed at Chinese-speaking users, but researchers say modifying the interface for building ransomware in other languages could soon be available "if it is not already the case".
Ransomware-as-a-service kits have already made it easy for aspiring cybercriminals to get a piece of the ransomware pie, and researchers say the emergence of DIY ransomware apps further lowers the bar for aspiring hackers.
But it isn't just low-level criminals who can benefit from this sort of approach: it also provides a dangerous tool for more seasoned ransomware developers.
"Even hardened malware authors could find these easy-to-use kits an efficient alternative to putting the work in themselves. We expect to see an increase in mobile ransomware variants as these development kits become more widespread," said Venkatesan.
In order to have the best chance of staying protected from this Android ransomware, researchers recommend refraining from downloading apps from untrusted sources, to make backups of important data and to keep system software up to date.
However, it seems many aren't following this basic advice of keeping systems patched and up to date -- something that played a big role in the global spread of WannaCry ransomware, and the subsequent Petya outbreak a month later.
LeakerLocker forgoes using encryption, instead choosing threats to make money out of victims.
National Crime Agency report warns on growing dangers of hacking, ransomware and the dark web
McAfee Labs report says 244 new threats are detected every minute - and that Android is the target in a boom in ransomware attacks.
READ MORE ON CYBERCRIME
- This Android ransomware threatens to expose your browsing history to all your contacts
- Ransomware: The smart person's guide [TechRepublic]
- No more ransomware: How one website is stopping the crypto-locking crooks in their tracks
- This is the easiest way to prevent malware on your Android device [CNET]
- Google on Android ransomware: You're more likely to be hit twice by lightning than get infected