In a blog post, Symantec's Dinesh Venkatesan said these kits were different from the Android integrated development environment that could also be used to create similar malware.
Venkatesan said the app for creating the malware could be downloaded from a number of forums and via advertisements on a social networking messaging service that was popular in China.
He said there were plenty of options for customising the malware:
- The message that is to be displayed on the locked screen of the infected device;
- The key to be used to unlock the infected device;
- The icon to be used by the malware;
- Custom mathematical operations to randomize the code; and
- Type of animation to be displayed on the infected device.
Once these details were out of the way, the new malware author could continue to make as many different malware samples as needed. (The malware generator app is seen on the right)
Venkatesan said the apps used for malware creation that he had analysed so far were all aimed at those who spoke Chinese.
"The emergence of easy to use malware development kits such as these lowers the bar for aspiring cyber criminals wanting to enter the ransomware game," he said.
"Individuals with little technical knowledge can now create their very own customised Android ransomware.
"However, these apps are not just useful for aspiring and inexperienced cyber criminals as even hardened malware authors could find these easy-to-use kits an efficient alternative to putting the work in themselves."
Asked why only Android was being targeted, a Symantec spokesperson responded: "Only Android is being targeted as it is an open platform, and the volume of Android devices in the market makes them more lucrative targets for cyber criminals."
Graphics: courtesy Symantec