The days of needing the coding skills of an accomplished hacker to build malware are over, at least if news from Symantec is true.
The antivirus and cybersecurity company recently reported the existence of a Trojan Development Kit (TDK) that allows anyone to create Android ransomware—no coding skill required.
Symantec Principal Threat Analysis Engineer Dinesh Venkatesan says that the latest TDK discovery continues a trend from earlier in the year when TDKs were first discovered.
As the number of available ransomware-generating apps increases, so will the scale of the threat for Android users. With the mobile OS already rife with malware, there’s nothing good to be gained from the average user being able to create malicious APKs with just a few taps of a screen.
How to make no-code ransomware
The latest TDK, like those before it, can be found on hacking forums and even in social media advertisements in China. All the user has to do is download and install the APK, and they’re ready to build ransomware.
The process itself is simple: Just specify a ransom message, an unlock key, the ransomware’s app icon, mathematical operations to randomize the code, and an animation to show on the infected machine.
After the person building the no-code ransomware finishes specifying those few simple options, they’re prompted to subscribe to the app, which they can do with a one-time payment to the developer. Once paid for, the app purchaser is free to create as many custom ransomware variants as desired.
The only thing the app leaves to the ransomware builder is distribution: All it does is provide the APK file.
Once installed, the app-created ransomware acts just like Lockdroid, an Android ransomware that has been around since 2014. So while the app-generated ransomware isn’t anything new, it’s still a threat for Android devices that aren’t kept up to date or that lack an anti-malware app.
Keeping your Android device safe
Symantec’s blog post about TDKs does mention one good thing, at least for English-speaking Android users: TDKs all seem aimed at Chinese-speaking audiences. The article also notes that it would be simple to change the language of the interface, so don’t expect things to remain safe for long.
As more no-code malware apps are created, the threshold for taking advantage of them will lower. Eventually, the average criminal with a modicum of tech know-how could toss ransomware out as fast as they can make it.
Staying safe in that kind of environment will be even harder than it is now, but it’s not impossible:
- Keep your device up to date and apply the latest patches as soon as they’re available.
- Never install apps from outside the Google Play store.
- Avoid rooting your device—it makes it much easier for malware to execute commands it needs to install itself.
- Make sure you have an antivirus app installed on your device.
- Never download an attachment from a sender or website you can’t completely trust.
Top three takeaways for TechRepublic readers:
- Symantec reported the existence of Android apps that allow users to generate ransomware without any programming experience. Getting ahold of one is as easy as visiting the right hacking forums.
- The ransomware-generating apps are currently only in Chinese, but Symantec reports it would be simple to change the language and thus extend the app’s market.
- Secure your Android device by installing an antivirus app, not rooting, only installing apps from the Google Play store, and keeping it up to date.