Hackers launch build-your-own-ransomware tool, says Intel Security

Tox is available for free, but its creators take a 20% cut of the profits.

By Jimmy Nicholls

Hackers have allegedly released a free build-your-own-ransomware kit on the dark web, the latest evidence that the black market for malware is flourishing online.

Would-be criminals are said to be able to download the Tox kit for free after registering on the tool’s website, with the creators of the customised malware tool taking a 20% cut of the blackmail fee.

Jim Walter, director of advance threat research for Intel Security, which found the kit, wrote online: "The packaging of malware and malware-construction kits for cybercrime ‘consumers’ has been a long-running trend.

"Various turnkey kits that cover remote access plus botnet plus stealth functions are available just about anywhere. Ransomware, though very prevalent, has not yet appeared in force in easy-to-deploy kits [until now]."

Like other types of ransomware, which encrypt a victim’s files and demand payment for them to be released, Tox allegedly makes use of the anonymous network Tor and the cryptocurrency Bitcoin to protect the identities of the criminals that use it.

In line with other pieces of malware it is also said to adopt evasive tactics to dodge basic cybersecurity measures that many computers would have in place, meaning that advanced tools such as sandboxes, whitelisting or intrusion prevention systems would be needed to stop it.

Walter reported that after filling in various fields online, including a Captcha used to block spam, customers of Tox download a 2MB file disguised as a Windows screensaver, which can then be distributed like any other form of malware.

"The Tox site (on the Tor network) will track the installs and profit," he said. "To withdraw funds, you need only supply a receiving Bitcoin address.

"We don’t expect Tox to be the last malware to embrace this model. We also anticipate more skilled development and variations in encryption and evasion techniques."
