The days of needing the coding skills of an accomplished hacker to build malware are over, at least if news from Symantec is true.
The antivirus and cybersecurity company recently reported the existence of a Trojan Development Kit (TDK) that allows anyone to create Android ransomware – no coding skill required.
Symantec Principal Threat Analysis Engineer Dinesh Venkatesan says that the latest TDK discovery continues a trend from earlier in the year when TDKs were first discovered.
As the number of available ransomware-generating apps increases, so will the scale of the threat for Android users. With the mobile OS already rife with malware, there’s nothing good to be gained from the average user being able to create malicious APKs with just a few taps of a screen.
How to make no-code ransomware
The latest TDK, like those before it, can be found on hacking forums and even in social media advertisements in China. All the user has to do is download the APK and install it and they’re ready to build ransomware.
The process itself is simple: Just specify a ransom message, an unlock key, the ransomware’s app icon, mathematical operations to randomize the code, and an animation to show on the infected machine.
After the would-be ransomware author finishes specifying those few simple options, they’re prompted to subscribe to the app, which they can do with a one-time payment to the developer. Once paid for, the app purchaser is free to create as many custom ransomware variants as desired.
The only thing the app leaves to the ransomware builder is distribution: All it does is provide the APK file.
Once installed, the app-created ransomware acts just like Lockdroid, an Android ransomware that has been around since 2014. So while the app-generated ransomware isn’t anything new, it’s still a threat for Android devices that aren’t kept up to date or that lack an anti-malware app.
Keeping your Android device safe
Symantec’s blog post about TDKs does mention one good thing, at least for English-speaking Android users: TDKs all seem aimed at Chinese-speaking audiences. The article also notes that it would be simple to change the language of the interface, so don’t expect things to remain safe for long.
As more no-code malware apps are created, the threshold for taking advantage of them will lower. Eventually, the average criminal with a modicum of tech know-how could toss ransomware out as fast as they can make it.
Staying safe in that kind of environment will be even harder than it is now, but it’s not impossible:
- Keep your device up to date and apply the latest patches as soon as they’re available.
- Never install apps from outside the Google Play store.
- Avoid rooting your device—it makes it much easier for malware to execute commands it needs to install itself.
- Make sure you have an antivirus app installed on your device.
- Never download an attachment from a sender or website you can’t completely trust.