Chinese malware developers have created a specialized Android application that allows anyone to generate fully working Android ransomware just by filling in a form and pushing a few buttons.
The app is currently advertised on Chinese underground hacking forums and via Chinese social media networks, and is offered as a commercial product, meaning users must pay a one-time fee before using it.
Discovered by Symantec's resident Android security expert Dinesh Venkatesan, the app has been available since the start of the year. Venkatesan says he spotted various ransomware strains generated by this app, which appears to build custom ransomware strains on the skeleton of the well-known Lockdroid ransomware family. This ransomware strain does not encrypt files, but merely locks the user's device with an attacker-decided PIN.
Venkatesan refers to this app as a TDK — a Trojan Development Kit. Similar products have existed before, for both mobile and desktop malware, but they have required at least some coding knowledge.
This app does not require any coding, and works using a simple GUI. The app allows users to customize:
The app generates a fully-weaponized Android APK file infected with the user's custom ransomware. The user is then responsible for finding a way to infect his victims.
While some might think the app is a scam, its long life suggests the contrary. Otherwise, its author would have gained a bad reputation and word would have spread among hacking communities about his fake product.
Venkatesan says the app is currently available for Chinese-speaking users only, but he believes similar apps will appear for wannabe malware distributors in other countries.
Ransomware is extremely prevalent in China because the Play Store is blocked in the country and locals are used to installing apps from third-party sources, such as online forums and local Android app stores.
Image credits: Symantec