Want to write Android ransomware but don't know how to code? No problem

You don’t need to know how to write a single line of code to write Android ransomware.

Symantec researchers have written about just how easy it is for anyone to become an Android malware author, thanks to the arrival of Trojan Development Kits (TDKs) for the smartphone platform:

Wannabe malware authors can start using TDKs by firstly downloading the free app. The apps are available from hacking forums and through advertisements on a social networking messaging service popular in China.

The app, which has an easy-to-use interface, is no different from any other Android app apart from the fact that it creates malware.

To generate the malware, all the user needs to do is choose what customization they want by filling out the on-screen form.

In short, if you're smart enough to play Crossy Road, you can create customised Android ransomware - deciding what messages will be displayed on locked devices, what key should be used to unlock them, and so forth.

As researcher Dinesh Venkatesan explains, you can make as many pieces of mobile ransomware as you like once you've paid a one-time fee:

Once all of the information has been filled in, the user hits the "create" button and, if they haven't already done so, is asked to subscribe to the service. The app allows the user to start an online chat with the app's developer where they can arrange a one-time payment. Once the user has subscribed, they can continue with the process, making as many ransomware variants as they desire.

The only potential nuisance is that although you may not need to know how to program, you will have to be comfortable dealing with the Trojan Development Kit's Chinese user interface.

Of course, if there is a demand for such tools, chances are that some will be built using languages more accessible to the rest of the world.

To be honest, my overwhelming feeling when reading Symantec's report of malware construction kits for Android was to think - "has it really taken this long?"

25 years ago, in my early days in the anti-virus industry, I remember Nowhere Man's Virus Creation Laboratory (VCL) which brought similarly easy malware creation to DOS users.

If anything, with its neat Turbo Vision user interface (including mouse support and context sensitive help), VCL was more sophisticated than some of the anti-virus products at the time.

It should be remembered that although VCL made it child's play to write viruses, the malicious software it created was simple to detect because each sample from the factory bore similar characteristics. Let's hope that this Android ransomware generator suffers from similar flaws which will help prevent it from having a significant impact.

3 Responses

  1. Will D

    September 5, 2017 at 3:20 am #

    Hopefully Google (and other app stores) screen for this code.

  2. Michael Ponzani

    September 5, 2017 at 11:10 am #

    They just can't wait to steal, can they?

  3. drsolly

    September 5, 2017 at 11:49 pm #

    I remember the Virus Creation Lab. I messed about with it for a few hours, and found that it could only make a few significantly different viruses. Writing signatures for them was trivial, and I don't think any of the rather trivial viruses it could make, were ever seen in the wild.
