No coding skills required: This Android app allows wannabe cybercriminals to build custom ransomware

A free tool available on hacking forums allows budding hackers to build their own Android ransomware simply by filling out a few forms.
Written by Danny Palmer, Senior Writer

The app allows wannabe hackers to create ransomware using just their smartphone.

Image: iStock

A ransomware development kit that doesn't require any coding skills to use is being sold on underground forums. Now, all a wannabe cybercriminal needs to build their own file-locking malware is an Android phone.

Downloadable from hacking discussion boards for free, the Trojan Development Kit (TDK) app comes with an easy to use interface that allows criminals to quickly create their own ransomware, according to the researchers who recently spotted the appearance of this particular DIY ransomware kit.

"The entire process of creating a ready-to-use piece of malware is done on a smartphone without any requirement to write a single line of code," said Dinesh Venkatesan, principal threat analysis engineer at Symantec.

The app allows for the creation of malware by following simple instructions and filling out forms, with a variety of customisation options available to the budding cybercriminal.

These include the message to be displayed on the infected device's lock screen, the key used to unlock the device, the icon used by the malware, the mathematical operations to randomise the code, and the type of animation to be displayed on the infected device.


Malware generator app.

Image: Symantec

Once all of the forms are filled out, the user can hit the 'create' button, initiating a conversation with the app developer to pay a one-off fee. Once that's paid, users are free to distribute the ransomware and make as many variants as they like in future.

See also Ransomware: An executive guide to one of the biggest menaces on the web

Ransomware created by the app follows the Lockdroid behaviour, locking the device using a system alert window and simply displaying text to the user, telling them their phone is locked and that they must pay to regain access. While Android ransomware is far less common than Windows ransomware, the market for it is growing.

All of the Trojan Development Kits seen so far have been aimed at Chinese-speaking users, but researchers say modifying the interface for building ransomware in other languages could soon be available "if it is not already the case".

Ransomware-as-a-service kits have already made it easy for aspiring cybercriminals to get a piece of the ransomware pie, and researchers say the emergence of DIY ransomware apps further lowers the bar for aspiring hackers.

But it isn't just low-level criminals who can benefit from this sort of approach: it also provides a dangerous tool for more seasoned ransomware developers.

"Even hardened malware authors could find these easy-to-use kits an efficient alternative to putting the work in themselves. We expect to see an increase in mobile ransomware variants as these development kits become more widespread," said Venkatesan.

In order to have the best chance of staying protected from this Android ransomware, researchers recommend refraining from downloading apps from untrusted sources, to make backups of important data and to keep system software up to date.

However, it seems many aren't following this basic advice of keeping systems patched and up to date -- something that played a big role in the global spread of WannaCry ransomware, and the subsequent Petya outbreak a month later.

Related coverage

This Android ransomware threatens to expose your browsing history to all your contacts

LeakerLocker forgoes using encryption, instead choosing threats to make money out of victims.

Ransomware attacks are getting easier, and the targets are getting bigger

National Crime Agency report warns on growing dangers of hacking, ransomware and the dark web

One kind of Android smartphone ransomware is behind a massive rise in malicious software

McAfee Labs report says 244 new threats are detected every minute - and that Android is the target in a boom in ransomware attacks.


Editorial standards