This new variant, discovered by Zscaler, appears to target Russian speaking Android owners. It’s a cloned version of popular apps that is uploaded to 3rd party app stores. It waits 4 hours before kicking off a bunch of popup screens and finally holding the phone for ransom. While the ransom demand is low at about $8-$10 (500 Russian rubles), it’s still a good lesson to only download apps from legit stores.
Erich Kron is the Security Awareness Advocate at KnowBe4, and has over 20 years’ experience in the medical, aerospace manufacturing and defense fields. He is the former security manager for the US Army 2nd Regional Cyber Center-Western Hemisphere.