Mobile ransomware targets English speakers

Kaspersky Lab does real-time monitoring of malware from its headquarters in Moscow. (Duncan Alfreds, Fin24)
Kaspersky Lab does real-time monitoring of malware from its headquarters in Moscow. (Duncan Alfreds, Fin24)
Cape Town - A new piece of malicious software for mobile devices is specifically targeting English speakers, a security company has revealed.

Kaspersky Lab reported that Svpeng which is known in Russia, has been directed to the US and the UK.

"For now, this piece of malware, allegedly of Russian origin, does not steal credentials, but it is only a matter of time, since Svpeng is just a modification of a well-known Trojan that operates in Russia and is used mainly for money stealing," said the company.

The malware of part of the group known as ransomware because the software is capable of locking down devices and demanding payment.

When this type of malware hit computer users in the Commonwealth of Independent States, people were forced to pay between €100 to €300 to have their computers unlocked, though the cyber criminals still have remote control.

Payment demand

Kaspersky warned that the malware could potentially be devastating to file encryption on mobile devices.

"Additionally the Trojan’s code contains some mentions of the Cryptor method which was not used yet, so it is likely that soon it will be utilised for file encryption. In this case Svpeng will become the second most well-known mobile malware, with such functionality after Pletor, which appeared in the wild in May 2014."

Svpeng locks mobile devices after scanning for financial applications on a victim's phone. It uses a fake FBI penalty notification letter to demand payment of $200 in Green Dot prepaid MasterCard and Visa cards.

Kaspersky Lab tests a variety of devices and software for security at its Moscow offices. (Duncan Alfreds, Fin24)

"It is impossible to repel an attack of American Svpeng if a mobile device doesn't have a security solution - the malware will block the device completely, not separate files as Cryptolocker did. If it happens to you, you can do almost nothing," said Roman Unuchek, senior malware analyst at Kaspersky Lab.

The malware is responsible for 91% of attacks in the US and UK, the company found, indicating that it could migrate to other English-speaking countries and territories.

Unuchek said that there was a slim chance to fix a mobile device infected with the malware identified as Trojan-Banker.AndroidOS.Svpeng.a.

"The only hope for unlocking the device is if it was already rooted before it was infected. Then it could be unlocked without deleting the data. One more option is to remove the Trojan, if your phone wasn’t rooted is to boot into “Safe Mode” and erase all data on the phone only, while SIM and SD cards will stay untouched and uninfected."

- Follow Duncan on Twitter
We live in a world where facts and fiction get blurred
In times of uncertainty you need journalism you can trust. For only R75 per month, you have access to a world of in-depth analyses, investigative journalism, top opinions and a range of features. Journalism strengthens democracy. Invest in the future today.
Subscribe to News24
Rand - Dollar
Rand - Pound
Rand - Euro
Rand - Aus dollar
Rand - Yen
Brent Crude
Top 40
All Share
Resource 10
Industrial 25
Financial 15
All JSE data delayed by at least 15 minutes Iress logo
Company Snapshot
Voting Booth
Facebook is facing a fresh crisis after a former employee turned whistle-blower leaked internal company research . Do you still use Facebook?
Please select an option Oops! Something went wrong, please try again later.
Yes, the benefits outweigh the risk for me
26% - 355 votes
No, I have deleted it
44% - 589 votes
Yes, but I am considering deleting it
30% - 396 votes