Android users have faced many different security challenges over the past few years. It is evident that the platform is susceptible to many malware and spyware attacks. A new Chinese mobile application now allows anyone to create Android ransomware as they see fit. The fact that this can be done from a mobile device heralds a new era of malware development. Obviously, this does not bode well for anyone who comes in contact with the Android ecosystem on a regular basis.
Building Android Ransomware With a Smartphone
One has to applaud the ingenious effort demonstrated by malware developers to ensure ransomware remains one of the bigger threats to date. Although other criminal ventures may yet prove more lucrative over time, there is no reason to believe the ransomware industry will be going away anytime soon. In fact, more developers have been focusing their attention on mobile devices lately. A lot of consumers store data, videos, and photos on mobile devices which they cannot bear to lose. This means a lot of users are more than eager to pay for a decryption key in the case of a malware attack.
A new form of mobile application for the Android ecosystem originated in China and is currently making the rounds worldwide. Anyone who does not speak Chinese will not be able to read the description of this app, as foreign translations are not provided at this time. Regardless, the application itself allows anyone in the world to successfully create fully operational Android ransomware. All it takes is a few swipes and taps on the screen to do so. There is also a small form to fill out, making the entire process seem child’s play at best.
It appears this DIY tool has already generated ransomware variants based on the Lockdroid family. It turns out this Chinese application has been in circulation for nearly a full year now, yet it only recently caught the attention of researchers. Multiple ransomware strains generated by this application have been identified, all of which use the Lockdroid bare bones with a mixture of various other features and settings. Luckily, this ransomware family does not encrypt files, though it locks users’ devices with a PIN code chosen by the attacker.
Considering that the app allows people to create as little or as much destruction as they want, this development is quite worrisome. It does not require the slightest coding experience either, which opens the door for anyone wishing to experiment with Android ransomware. Several tools will be at the user’s disposal, including changing the unlock code of infected devices, creating random ransom screens, and using animations. We may even see some rather creative Android ransomware types in the near future.
Once the user customizes his or her own Android ransomware, they will receive a fully weaponized APK file. However, they will need to handle the distribution of their malware themselves. Then again, with so many people downloading third-party APK files these days, distributing this ransomware will not be overly difficult. It also appears the original app developer has built a solid project since there is no negative feedback regarding this offering so far. That in itself is pretty remarkable, although we have no idea how many people are actually using this Android tool right now.
Once criminals in other regions catch wind of this success story, we will likely see more localized versions of the same Android RaaS app in the coming years. The mobile ecosystem may prove a more lucrative market than targeting computer users. It is equally possible that developers will maintain a dual-pronged approach and create many variations to wreak havoc across different platforms. All of this goes to show ransomware is not just native to computer systems, but slowly continues gaining ground in the mobile industry as well.
