Toolkits like these are not unheard of. Seasoned hackers often refer to no- or low-talent hackers as “script kiddies,” which means people who don’t really know what they’re doing, but use root kits developed by veterans to make cheap knock-off threats.
Most of these are easily detected and defeated. What makes this app different than what we’ve seen before is twofold:
First, most of the “hacker toolkits” that have been created in the past have required at least a basic understanding of code in order to do anything with them. In this case, the app is easy to use and menu-driven. Even someone with no real understanding of code can create functional ransomware in no time.
Second, and perhaps more troubling, is the fact that the development of products like these are a clear indication of the growing sophistication of hackers around the world.While it’s true that there’s no formal, global organization that controls and directs the efforts of hacking groups around the world, it’s clear that these various groups are learning and taking cues from each other. The rapid progression of the tools they’re using and making available to newcomers is but one sign of this. The Hacker News says, “With an easy-to-use interface, these apps are no different from any other Android app apart from the fact that it allows users to create their custom mobile malware with little to no programming knowledge.” Bleeping Computer reports, “The app is currently advertised on Chinese underground hacking forums and via Chinese social media networks, and is offered as a commercial product, meaning users must pay a one-time fee before using it.” Dinesh Venkatesan, Symantec Official Blog, explains, “The entire process of creating a ready-to-use piece of malware is done on a smartphone without any requirement to write a single line of code.”
We’ve already seen highly coordinated attacks taking place on a global scale. The availability of tools like this not only helps make that more likely, but it also muddies the waters. When any and everyone can create viable cyber threats, they become virtually impossible to defend against. No matter how deep your pockets are, you simply can’t protect everything, all the time.
This is a troubling development indeed.