SecurityBrief Asia - Technology news for CISOs & cybersecurity decision-makers
Story image
Mobile malware creation is now as easy as downloading an app
Mon, 28th Aug 2017
FYI, this story is more than a year old

Mobile malware creation is as easy as downloading an app and potential criminals don't even need to write a single line of code, according to a new blog from Symantec.

Researchers have discovered an app that can help criminals create their own customised Android malware through Trojan Development Kits (TDKs).

While similar apps have been spotted in the wild, the latest offering has is being distributed through hacking forums and through a popular Chinese social messaging service.

The app allows users to design their malware and customise aspects including the proposed ransom method, unlock key, type of ransom animation, custom maths to randomise the code and the icon that the malware uses.

According to Symantec blogger Dinesh Venkatesan, the automation of malware variants has been helped by a ‘Device Aided Malware Engineering' tool model, which makes malware creation simpler than ever.

Venkatesan says that app's interface isn't different to any other Android app – the only difference it its purpose.

“Once all of the information has been filled in, the user hits the “create” button and, if they haven't already done so, is asked to subscribe to the service. The app allows the user to start an online chat with the app's developer where they can arrange a one-time payment. Once the user has subscribed, they can continue with the process, making as many ransomware variants as they desire,” Venkatesan explains in the blog.

Once created, the malware is saved in external storage and is ready to infect devices. Criminals can spread the malware however they like; those who are tricked into downloading the malware are now faced with a locked device and a ransom.

“The malware created using this automation process follows the typical Lockdroid behavior of locking the device's screen with a SYSTEM_ALERT_WINDOW and displaying a text field for the victim to enter the unlock code,” Venkatesan continues.

The Android.Lockdroid.E Trojan has been around since 2014. It locks Android devices and demands a ransom .

While the malware creators appear to be aimed at Chinese-speaking users so far, Venkatesan says it would not be difficult to create versions for different languages.

This new wave of malware development kits lowers the bar for aspiring cyber criminals who have very little technical knowledge.

However Venkatesan points out that professional malware creators could also use the kits as supplementary ways to continue their trade. Symantec expects the number of mobile ransomware variants to increase as TDKs gain traction.

Symantec offers the following tips to avoid downloading Trojans and malware:

  • Keep your software up to date
  • Refrain from downloading apps from unfamiliar sites
  • Only install apps from trusted sources
  • Pay close attention to the permissions requested by an app
  • Install a suitable mobile security app in order to protect your device and data
  • Make frequent backups of important data