Hackers launch build-your-own-ransomware tool, says Intel Security

Tox is available for free, but its creators take a 20% cut of the profits.

Hackers have allegedly released a free build-your-own-ransomware kit on the dark web, the latest evidence that the black market for malware is flourishing online.

Would-be criminals are said to be able to download the Tox kit for free after registering on the tool’s website, with the creators of the customised malware tool taking a 20% cut of the blackmail fee.

Jim Walter, director of advanced threat research for Intel Security, which found the kit, wrote online: "The packaging of malware and malware-construction kits for cybercrime ‘consumers’ has been a long-running trend.

"Various turnkey kits that cover remote access plus botnet plus stealth functions are available just about anywhere. Ransomware, though very prevalent, has not yet appeared in force in easy-to-deploy kits [until now]."

Like other types of ransomware, which encrypt a victim’s files and demand payment for their release, Tox allegedly makes use of the anonymous network Tor and the cryptocurrency Bitcoin to protect the identities of the criminals who use it.

Like other pieces of malware, it is also said to adopt evasive tactics to dodge the basic cybersecurity measures that many computers have in place, meaning that advanced tools such as sandboxes, whitelisting or intrusion prevention systems would be needed to stop it.

Walter reported that after filling in various fields online, including a Captcha used to block spam, customers of Tox download a 2MB file disguised as a Windows screensaver, which can then be distributed like any other form of malware.

"The Tox site (on the Tor network) will track the installs and profit," he said. "To withdraw funds, you need only supply a receiving Bitcoin address.

"We don’t expect Tox to be the last malware to embrace this model. We also anticipate more skilled development and variations in encryption and evasion techniques."
