Ransomware for everyone! Chinese malware developers have built a specialized Android application that allows anyone to create fully functional Android ransomware by filling out a form and pushing a few buttons.
The app is currently advertised on Chinese underground hacking forums via Chinese networks and offered as a commercial product, which means that interested parties have to pay a lump sum to use it.
It was discovered by security expert Dinesh Venkatesan of Symantec, but the application has been available since the beginning of the year.
Venkatesan reports that he has seen different ransomware samples generated by this application, which appears to create customized ransomware executables built on the known Lockdroid family. This ransomware does not encrypt files; it just locks the user's device with an attacker-defined PIN.
Venkatesan refers to this application as a TDK (Trojan Development Kit). Similar products existed before, for malware targeting mobile phones and desktops. However, all previous applications required some coding skills.
This application requires no coding and works through a simple GUI. The application allows users to customize:
- The message that will appear on the lock screen
- The code to unlock the device
- The ransomware application icon
- Custom functions that change the code
- Animated images to be used on the lock screen
The app produces a malicious APK (for Android), but the kit's user is responsible for finding a way to get it onto victims' devices.
While some believe that the application is a scam, its long lifespan suggests otherwise: if it were, its developer would have gained a bad reputation among hacking communities.
Venkatesan reports that the app is currently only available in Kenyan, but believes that similar applications will soon appear in other countries.
Ransomware is extremely prevalent in China because the Play Store is blocked in the country, and locals use third-party sources such as forums and local Android app stores to install apps.