Hackers have allegedly released a free build-your-own-ransomware kit on the dark web, the latest evidence that the black market for malware is flourishing online.
Would-be criminals are said to be able to download the Tox kit for free after registering on the tool’s website, with the creators of the customised malware tool taking a 20% cut of the blackmail fee.
Jim Walter, director of advanced threat research for Intel Security, which found the kit, wrote online: "The packaging of malware and malware-construction kits for cybercrime ‘consumers’ has been a long-running trend.
"Various turnkey kits that cover remote access plus botnet plus stealth functions are available just about anywhere. Ransomware, though very prevalent, has not yet appeared in force in easy-to-deploy kits [until now]."
Like other types of ransomware, which encrypt a victim’s files and demand payment for them to be released, Tox allegedly makes use of the anonymous network Tor and the cryptocurrency Bitcoin to protect the identities of the criminals who use it.
In line with other pieces of malware, it is also said to adopt evasive tactics to dodge the basic cybersecurity measures that many computers would have in place, meaning that advanced tools such as sandboxes, whitelisting or intrusion prevention systems would be needed to stop it.
Walter reported that after filling in various fields online, including a Captcha used to block spam, customers of Tox download a 2MB file disguised as a Windows screensaver, which can then be distributed like any other form of malware.
"The Tox site (on the Tor network) will track the installs and profit," he said. "To withdraw funds, you need only supply a receiving Bitcoin address.
"We don’t expect Tox to be the last malware to embrace this model. We also anticipate more skilled development and variations in encryption and evasion techniques."