A new Trojan operating in the United States and United Kingdom, dubbed "Svpeng," demands $200 payment after locking smartphone users out of their devices. The likely Russian-made malicious code doesn't steal login credentials yet, but that is the likely next step, according to researchers from Kaspersky Lab.
Users that don't have some type of anti-malware solution on devices are at higher risk, and there are no easy ways to get around the Trojan once it has been installed. Unless a device has been previously rooted, the only other way to remove it is to boot into safe mode and erase all content on the phone.
The malware looks for the following mobile apps: USAA Mobile, Citi Mobile, Amex Mobile, Wells Fargo Mobile, Bank of America Mobile Banking, TD App, Chase Mobile, BB&T Mobile Banking, and Regions Mobile.
"It's impossible to repel an attack of American Svpeng if a mobile device doesn't have a security solution - the malware will block the device completely, not separate files as Cryptolocker did," said Roman Unuchek, Kaspersky Lab Senior Malware Analyst, in a press statement. "If it happens to you, you can do almost nothing."