20th Century Fox
The program, called Tox, lets users build their own ransomware, which they then send to unsuspecting victims.
Ransomware works by distributing malicious files which, when downloaded, seize all of the victims' data until they fork over a specified amount of money.
Building such pieces of malware usually requires immense programming knowhow. Tox is especially interesting because anyone can use its simple interface to build their own virus and then send to whomever they like.
When the file is downloaded users are instructed to pay the ransom in Bitcoin, which is then transferred to both the Tox makers and the people who sent the file.
It's free to use Tox, but the service takes 30% of the cut from the ransom.
Jim Walter, director of advanced threat research at Intel (who first wrote about it on the McAfee blog) talked to Business Insider about the Tox discovery. Tox can only be accessed via the dark web, meaning users must use Tor browsers to visit the necessary web site anonymously.
Programs helping novices build malware are actually quite common. Walters explained that there are "plenty of malware kits," on the market currently. What makes Tox different exceptional is that it's completely web-based and it "requires no expertise."
It truly takes three steps:
- Enter the ransom sum
- Whatever notes you want included with the piece of malware
- Input a "captcha"
And then, voila, you're given the file to propagate, making you a bona fide hacker.
The researchers tested the program and found it to work as advertised. They did add that "the malware appears to lack complexity and efficiency within the code."