Kaspersky Lab reported that Svpeng which is known in Russia, has been directed to the US and the UK.
"For now, this piece of malware, allegedly of Russian origin, does not steal credentials, but it is only a matter of time, since Svpeng is just a modification of a well-known Trojan that operates in Russia and is used mainly for money stealing," said the company.
The malware of part of the group known as ransomware because the software is capable of locking down devices and demanding payment.
When this type of malware hit computer users in the Commonwealth of Independent States, people were forced to pay between €100 to €300 to have their computers unlocked, though the cyber criminals still have remote control.
Kaspersky warned that the malware could potentially be devastating to file encryption on mobile devices.
"Additionally the Trojan’s code contains some mentions of the Cryptor method which was not used yet, so it is likely that soon it will be utilised for file encryption. In this case Svpeng will become the second most well-known mobile malware, with such functionality after Pletor, which appeared in the wild in May 2014."
Svpeng locks mobile devices after scanning for financial applications on a victim's phone. It uses a fake FBI penalty notification letter to demand payment of $200 in Green Dot prepaid MasterCard and Visa cards.
Kaspersky Lab tests a variety of devices and software for security at its Moscow offices. (Duncan Alfreds, Fin24)
"It is impossible to repel an attack of American Svpeng if a mobile device doesn't have a security solution - the malware will block the device completely, not separate files as Cryptolocker did. If it happens to you, you can do almost nothing," said Roman Unuchek, senior malware analyst at Kaspersky Lab.
The malware is responsible for 91% of attacks in the US and UK, the company found, indicating that it could migrate to other English-speaking countries and territories.
Unuchek said that there was a slim chance to fix a mobile device infected with the malware identified as Trojan-Banker.AndroidOS.Svpeng.a.
"The only hope for unlocking the device is if it was already rooted before it was infected. Then it could be unlocked without deleting the data. One more option is to remove the Trojan, if your phone wasn’t rooted is to boot into “Safe Mode” and erase all data on the phone only, while SIM and SD cards will stay untouched and uninfected."
- Follow Duncan on Twitter