Chinese malware developers have created a specialized Android application that allows anyone to generate a fully-working Android ransomware just by filling in a form and pushing a few buttons.

The app is currently advertised on Chinese underground hacking forums and via Chinese social media networks, and is offered as a commercial product, meaning users must pay a one-time fee before using it.

App generates Lockdroid variants

Discovered by Symantec's resident Android security expert Dinesh Venkatesan, the app has been available since the start of the year. Venkatesan says he spotted various ransomware strains generated by this app, which appears to build custom ransomware strains on the skeleton of the well-known Lockdroid ransomware family. This ransomware strain does not encrypt files, but merely locks the user's device with an attacker-decided PIN.

Venkatesan refers to this app as a TDK — a Trojan Development Kit. Similar products have existed before, for both mobile and desktop malware, but they have required at least some coding knowledge.

This app does not require any coding, and works using a simple GUI. The app allows users to customize:

≫ The ransom message displayed in the lock screen
≫ The code to unlock the device
≫ The icon of the ransomware-laced app
≫ Custom math operations that obfuscate the code
≫ Any animations to be used on the lock screen

DIY Android ransomware kit

The app generates a fully-weaponized Android APK file infected with the user's custom ransomware. The user is then responsible for finding a way to infect his victims.

While some might think the app is a scam, its long life suggests the contrary; otherwise, its author would have gained a bad reputation and word would have spread among hacking communities about his fake product.

App currently available only in Chinese

Venkatesan says the app is currently available for Chinese-speaking users only, but he believes similar apps will appear for wannabe malware distributors in other countries.

Ransomware is extremely prevalent in China because the Play Store is blocked in the country and locals are used to installing apps from third-party sources, such as online forums and local Android app stores.

Image credits: Symantec
