Symantec researchers have written about just how easy it is for anyone to become an Android malware author, thanks to the arrival of Trojan Development Kits (TDKs) for the smartphone platform:
Wannabe malware authors can start using TDKs by firstly downloading the free app. The apps are available from hacking forums and through advertisements on a social networking messaging service popular in China.
The app, which has an easy-to-use interface, is no different from any other Android app apart from the fact that it creates malware.
To generate the malware, all the user needs to do is choose what customization they want by filling out the on-screen form.
In short, if you’re smart enough to play Crossy Road, you can create customised Android ransomware - deciding what messages will be displayed on locked devices, what key should be used to unlock it, and so forth.
You don’t need to know how to write a single line of code to write Android ransomware.
As researcher Dinesh Venkatesan explains, you can make as many pieces of mobile ransomware as you like once you’ve paid a one-time fee:
Once all of the information has been filled in, the user hits the “create” button and, if they haven’t already done so, is asked to subscribe to the service. The app allows the user to start an online chat with the app’s developer where they can arrange a one-time payment. Once the user has subscribed, they can continue with the process, making as many ransomware variants as they desire.
The only potential nusiance is that although you may not have to need to know how to program, you will have to be comfortable dealing with the Trojan Development Kit’s Chinese user interface.
Of course, if there is a demand for such tools, chances are that some will be built using languages more accessible to the rest of the world.
To be honest, my overwhelming feeling when reading Symantec’s report of malware construction kits for Android was to think - “has it really taken this long?”
25 years ago, in my early days in the anti-virus industry, I remember Nowhere Man’s Virus Creation Laboratory (VCL) which brought similarly easy malware creation to DOS users.
If anything, with its neat Turbo Vision user interface (including mouse support and context sensitive help), VCL was more sophisticated than some of the anti-virus products at the time.
It should be remembered that although VCL might it child’s play to write viruses, the malicious software it created was simple to detect because each sample from the factory bore similar characteristics. Let’s hope that this Android ransomware generator suffers from similar flaws which will help prevent it from having a significant impact.