SecurityBrief Asia logo
Story image

Mobile malware creation is now as easy as downloading an app

28 Aug 2017

Mobile malware creation is as easy as downloading an app and potential criminals don’t even need to write a single line of code, according to a new blog from Symantec.

Researchers have discovered an app that can help criminals create their own customised Android malware through Trojan Development Kits (TDKs).

While similar apps have been spotted in the wild, the latest offering has is being distributed through hacking forums and through a popular Chinese social messaging service.

The app allows users to design their malware and customise aspects including the proposed ransom method, unlock key, type of ransom animation, custom maths to randomise the code and the icon that the malware uses.

According to Symantec blogger Dinesh Venkatesan, the automation of malware variants has been helped by a ‘Device Aided Malware Engineering’ tool model, which makes malware creation simpler than ever.

Venkatesan says that app’s interface isn’t different to any other Android app – the only difference it its purpose.

“Once all of the information has been filled in, the user hits the “create” button and, if they haven’t already done so, is asked to subscribe to the service. The app allows the user to start an online chat with the app’s developer where they can arrange a one-time payment. Once the user has subscribed, they can continue with the process, making as many ransomware variants as they desire,” Venkatesan explains in the blog.

Once created, the malware is saved in external storage and is ready to infect devices. Criminals can spread the malware however they like; those who are tricked into downloading the malware are now faced with a locked device and a ransom.

“The malware created using this automation process follows the typical Lockdroid behavior of locking the device’s screen with a SYSTEM_ALERT_WINDOW and displaying a text field for the victim to enter the unlock code,” Venkatesan continues.

The Android.Lockdroid.E Trojan has been around since 2014. It locks Android devices and demands a ransom .

While the malware creators appear to be aimed at Chinese-speaking users so far, Venkatesan says it would not be difficult to create versions for different languages.

This new wave of malware development kits lowers the bar for aspiring cyber criminals who have very little technical knowledge.

However Venkatesan points out that professional malware creators could also use the kits as supplementary ways to continue their trade. Symantec expects the number of mobile ransomware variants to increase as TDKs gain traction.

Symantec offers the following tips to avoid downloading Trojans and malware:

  • Keep your software up to date
  • Refrain from downloading apps from unfamiliar sites
  • Only install apps from trusted sources
  • Pay close attention to the permissions requested by an app
  • Install a suitable mobile security app in order to protect your device and data
  • Make frequent backups of important data
Story image
WatchGuard uncovers top cyber threat trends of Q4 2020
“The rise in sophisticated, evasive threat tactics last quarter and throughout 2020 showcases how vital it is to implement layered, end-to-end security protections."More
Story image
Why a more secure organisation is a collective responsibility
With vast volumes of data moving to the cloud, many IT professionals are frequently challenged to protect their enterprise environment, and there is a greater focus being placed on advancing cybersecurity strategies.More
Story image
AvePoint brings Salesforce Cloud Backup to channel partners
The product adds to the AvePoint suite of trusted Cloud Backup for Microsoft 365 and Dynamics 365 to provide managed service providers with backup and restore capabilities across multiple, popular SaaS providers.More
Story image
5G network security a US$9 billion dollar opportunity - report
The cloud-native nature of 5G networks will have a disruptive and positive impact on the cybersecurity industry in the next few years, with 5G network security presenting a US$9 billion enterprise market opportunity by 2025.More
Story image
Users becoming more savvy with COVID phishing scams
“With COVID-19 being around for over a year now and employees becoming more aware of the types of scams that have come out related to the pandemic, cyber criminals are having less success with related phishing attacks."More
Story image
Pandemic sees organisations of all sizes and industries invest in CTI
There is opportunity for organisations to better manage their cyber-threat intelligence for greater security and threat intelligence effectiveness by adopting the right tools and processes.More