Symantec researchers have spotted mobile malware factories in the wild that allow wannabe malware authors to develop custom malware on their own devices without having to write a single line of code.
The Trojan Development Kits (TDKs) are automated by adopting a CASE (Computer-Aided Software Engineering) tool model or a DAME (Device-Aided Malware Engineering) tool model. The free apps can be downloaded onto the perpetrator's device via dark web forums and advertisements on a social networking messaging service popular in China, according to an Aug. 24 blog post.
The TDKs include options for customization such as what messages will be displayed on the locked screen of the infected device, the key to be used to unlock the infected device, the icon to be used by the malware, custom mathematical operations to randomize the code, and the type of animation that will be displayed on the device.
Once the information has been entered, all the malware author has to do is click create and, if they haven't already done so, subscribe to the service. The app then allows the user to start an online chat with the app's developer, where they can arrange a one-time payment, after which they can continue using the service to make as many ransomware variants as they desire.
Once created, the malware is stored in external storage in ready-to-ship condition. It is then up to the user how they want to spread their newly created ransomware.
Researchers said the malware follows the typical Lockdroid behavior of locking the device's screen with a SYSTEM_ALERT_WINDOW and displaying a text field for the victim to enter the unlock code.
“The emergence of easy to use malware development kits such as these lowers the bar for aspiring cyber criminals wanting to enter the ransomware game,” researchers said in the post. “Individuals with little technical knowledge can now create their very own customized Android ransomware.”
These apps even prove useful to hardened malware authors, who could find these easy-to-use kits an efficient alternative to putting the work in themselves, researchers warned, adding that they expect to see an increase in these ransomware variants as the TDKs become more widespread.
To protect against these types of attacks, researchers recommend users keep their software up to date, refrain from downloading apps from unfamiliar sites, only install apps from trusted sources, pay close attention to permissions requested by apps, install a suitable mobile security app, and make frequent backups of important data.
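An added example, not from the Symantec post or this article: a Python check that supports the permission review recommended above by flagging any request for SYSTEM_ALERT_WINDOW, the overlay permission the article ties to the lock screen. It assumes the app's manifest has already been decoded to text XML (for example with apktool); the function name and the sample manifest are constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
OVERLAY = "android.permission.SYSTEM_ALERT_WINDOW"  # permission named in the article
# The -sdk-23 variant requests a permission only on Android 6.0+ and is easy to miss.
PERMISSION_TAGS = ("uses-permission", "uses-permission-sdk-23")

# Constructed sample manifest (not taken from any real app or from the Symantec post).
SAMPLE_MANIFEST = """<manifest
    xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.constructed">
  <uses-permission android:name="android.permission.INTERNET" />
  <uses-permission-sdk-23 android:name="android.permission.SYSTEM_ALERT_WINDOW" />
  <application android:label="Constructed sample" />
</manifest>"""


def review_manifest(manifest_xml):
    """Summarise requested permissions and flag an overlay request.

    Expects text XML; untrusted input should go through a hardened XML parser.
    """
    root = ET.fromstring(manifest_xml)
    permissions = set()
    for tag in PERMISSION_TAGS:
        # Manifest elements carry no namespace; only their attributes do.
        for node in root.findall(tag):
            name = (node.get(ANDROID_NS + "name") or "").strip()
            if name:
                permissions.add(name)
    return {
        "package": root.get("package", "<unknown>"),
        "permissions": sorted(permissions),
        "overlay_requested": OVERLAY in permissions,
    }


if __name__ == "__main__":
    report = review_manifest(SAMPLE_MANIFEST)
    print(report["package"], "requests", len(report["permissions"]), "permissions")
    if report["overlay_requested"]:
        print("REVIEW:", OVERLAY, "lets the app draw over other apps")
```

An overlay request is not proof of malice, since legitimate apps also use it; the flag only marks the app for a closer look before installation.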