Want to write Android ransomware but don’t know how to code? No problem

You don’t need to know how to write a single line of code to write Android ransomware.

Graham Cluley
Graham Cluley
@
@[email protected]
@gcluley

Want to write Android ransomware but don't know how to code? No problem

Symantec researchers have written about just how easy it is for anyone to become an Android malware author, thanks to the arrival of Trojan Development Kits (TDKs) for the smartphone platform:

Wannabe malware authors can start using TDKs by firstly downloading the free app. The apps are available from hacking forums and through advertisements on a social networking messaging service popular in China.

The app, which has an easy-to-use interface, is no different from any other Android app apart from the fact that it creates malware.

Sign up to our free newsletter.
Security news, advice, and tips.

To generate the malware, all the user needs to do is choose what customization they want by filling out the on-screen form.

Trojan development kit

In short, if you’re smart enough to play Crossy Road, you can create customised Android ransomware – deciding what messages will be displayed on locked devices, what key should be used to unlock it, and so forth.

You don’t need to know how to write a single line of code to write Android ransomware.

As researcher Dinesh Venkatesan explains, you can make as many pieces of mobile ransomware as you like once you’ve paid a one-time fee:

Once all of the information has been filled in, the user hits the “create” button and, if they haven’t already done so, is asked to subscribe to the service. The app allows the user to start an online chat with the app’s developer where they can arrange a one-time payment. Once the user has subscribed, they can continue with the process, making as many ransomware variants as they desire.

The only potential nusiance is that although you may not have to need to know how to program, you will have to be comfortable dealing with the Trojan Development Kit’s Chinese user interface.

Of course, if there is a demand for such tools, chances are that some will be built using languages more accessible to the rest of the world.

To be honest, my overwhelming feeling when reading Symantec’s report of malware construction kits for Android was to think – “has it really taken this long?”

25 years ago, in my early days in the anti-virus industry, I remember Nowhere Man’s Virus Creation Laboratory (VCL) which brought similarly easy malware creation to DOS users.

Nowhere man vcl

If anything, with its neat Turbo Vision user interface (including mouse support and context sensitive help), VCL was more sophisticated than some of the anti-virus products at the time.

It should be remembered that although VCL might it child’s play to write viruses, the malicious software it created was simple to detect because each sample from the factory bore similar characteristics. Let’s hope that this Android ransomware generator suffers from similar flaws which will help prevent it from having a significant impact.


Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

4 comments on “Want to write Android ransomware but don’t know how to code? No problem”

  1. Will D

    Hopefully Google (and other app stores) screen for this code.

  2. Michael Ponzani

    They just can't wait to steal, can they?

  3. drsolly

    I remember the Virus Creation Lab. I messed about with it for a few hours, and found that it could only make a few significantly different viruses. Writing signatures for them was trivial, and I don't think any of the rather trivial viruses it could make, were ever seen in the wild.

  4. Curran Padake

    I remember reading about VCL back in day. It was more like a child's toy rather then being a threat. As the viruses it created were very clumsy and simple and easily detected.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.