Mobile Trojan Development Kits allow creating ransomware without the need to write code

Pierluigi Paganini August 25, 2017

Researchers at Symantec have discovered Trojan Development Kits that allow creating Android ransomware without the need to write code.

Ransomware continues to represent a serious threat to users and organizations.

Unfortunately, it is easy for crooks arranging their own ransomware campaign by using numerous RaaS services offered online.

Recently researchers at Symantec discovered a new Android ransomware-as-a-service (RaaS) kit that allows creating a ransomware even without specific knowledge.

The new Android apps have spotted by researchers at Symantec that noticed some advertisements on hacking forums and social networking messaging service popular in China.

“Wannabe malware authors can start using TDKs by firstly downloading the free app. The apps are available from hacking forums and through advertisements on a social networking messaging service popular in China.” reads the post published by Symantec.

“The app, which has an easy-to-use interface, is no different from any other Android app apart from the fact that it creates malware.

To generate the malware, all the user needs to do is choose what customization they want by filling out the on-screen form.”

The Trojan Development Kits (TDKs) allows wannabe hacker to create their own ransomware with a few steps through an easy-to-use interface.

Trojan Development Kits

To create the ransomware, users can download one of such apps, install and open it. The app displays the following options to customize the ransomware:

  • The message to display on the locked screen of the infected device
  • The key to unlock the infected device
  • The ransomware icon.
  • Custom mathematical operations to randomize the code.
  • Type of animation to be displayed on the infected device

Once provided the following info the user can create the ransomware pressing the “Create” button.
The first time users create the malware, the app will prompt him a subscription form to fill and will start a chat with the author of the app to arrange one time-time payment.

“Once all of the information has been filled in, the user hits the “create” button and, if they haven’t already done so, is asked to subscribe to the service. The app allows the user to start an online chat with the app’s developer where they can arrange a one-time payment. Once the user has subscribed, they can continue with the process, making as many ransomware variants as they desire.” continues the post.

Once completed the payment, the ransomware is created and stored in the external storage in ready-to-ship condition.

“It is then up to the user how they want to spread their newly created ransomware. Anyone unlucky enough to be tricked into installing the malware will end up with a locked device held to ransom. The malware created using this automation process follows the typical Lockdroid behavior of locking the device’s screen with a SYSTEM_ALERT_WINDOW and displaying a text field for the victim to enter the unlock code.”

The Lockdroid ransomware is able to lock the device, change the PINs, encrypt user data, and perform other operation including fully wiping data forcing a factory reset.

Lockdroid is also able to prevent victims from uninstalling it, even through the command line interface.

The Trojan Development Kits samples analyzed by Symantec are aimed at Chinese-speaking users it could be easily adapted for other languages, the experts believe that different language versions will soon be made available.

“The emergence of easy to use malware development kits such as these lowers the bar for aspiring cyber criminals wanting to enter the ransomware game. Individuals with little technical knowledge can now create their very own customized Android ransomware.” concluded Symantec. “However, these apps are not just useful for aspiring and inexperienced cyber criminals as even hardened malware authors could find these easy-to-use kits an efficient alternative to putting the work in themselves. We expect to see an increase in mobile ransomware variants as these development kits become more widespread.”

Below the recommendation provided by Symantec to protect against this kind of threat on mobile devices:

  • Keep your software up to date
  • Refrain from downloading apps from unfamiliar sites
  • Only install apps from trusted sources
  • Pay close attention to the permissions requested by an app
  • Install a suitable mobile security app, such as Norton, in order to protect your device and data
  • Make frequent backups of important data
[adrotate banner=”9″]

Pierluigi Paganini

(Security Affairs – RaaS, Trojan Development Kits)

[adrotate banner=”12″]

you might also like

leave a comment