Mobile malware creation is now as easy as downloading an app

28 Aug 2017

Mobile malware creation is as easy as downloading an app and potential criminals don’t even need to write a single line of code, according to a new blog from Symantec.

Researchers have discovered an app that can help criminals create their own customised Android malware through Trojan Development Kits (TDKs).

While similar apps have been spotted in the wild, the latest offering is being distributed through hacking forums and through a popular Chinese social messaging service.

The app allows users to design their malware and customise aspects including the proposed ransom method, unlock key, type of ransom animation, custom maths to randomise the code and the icon that the malware uses.

According to Symantec blogger Dinesh Venkatesan, the automation of malware variants has been helped by a ‘Device Aided Malware Engineering’ tool model, which makes malware creation simpler than ever.

Venkatesan says that the app’s interface isn’t different to any other Android app – the only difference is its purpose.

“Once all of the information has been filled in, the user hits the “create” button and, if they haven’t already done so, is asked to subscribe to the service. The app allows the user to start an online chat with the app’s developer where they can arrange a one-time payment. Once the user has subscribed, they can continue with the process, making as many ransomware variants as they desire,” Venkatesan explains in the blog.

Once created, the malware is saved in external storage and is ready to infect devices. Criminals can spread the malware however they like; those who are tricked into downloading the malware are now faced with a locked device and a ransom.

“The malware created using this automation process follows the typical Lockdroid behavior of locking the device’s screen with a SYSTEM_ALERT_WINDOW and displaying a text field for the victim to enter the unlock code,” Venkatesan continues.

The Android.Lockdroid.E Trojan has been around since 2014. It locks Android devices and demands a ransom.

While the malware creators appear to be aimed at Chinese-speaking users so far, Venkatesan says it would not be difficult to create versions for different languages.

This new wave of malware development kits lowers the bar for aspiring cyber criminals who have very little technical knowledge.

However, Venkatesan points out that professional malware creators could also use the kits as supplementary ways to continue their trade. Symantec expects the number of mobile ransomware variants to increase as TDKs gain traction.

Symantec offers the following tips to avoid downloading Trojans and malware:

  • Keep your software up to date
  • Refrain from downloading apps from unfamiliar sites
  • Only install apps from trusted sources
  • Pay close attention to the permissions requested by an app
  • Install a suitable mobile security app in order to protect your device and data
  • Make frequent backups of important data