SimpleLocker ransomware for Android has been given an English release following a significant update, according to security firm ESET.
A variant of the trojan discovered by the company locks mobile phone files before showing a fake warning from the Federal Bureau of Investigation (FBI) and demanding victims pay $300 to avoid criminal charges of child and animal pornography.
Robert Lipovsky, security intelligence team leader at ESET, said: "From a technical perspective, the file-encrypting functionality remains virtually unchanged, apart from using a different encryption key, but this recent SimpleLocker variant does contain two additional tricks to make the victim’s life more miserable."
According to ESET the virus is now able to encrypt archives such as Zip, 7z, and RAR, a particular problem since backup tools are often stored inside such files.
It also asks for administrator privileges while being installed, potentially giving it the power to alter password policies or remotely wipe other devices, according to Lipovsky.
"As usual, the trojan will use social engineering to trick the user into installing it," he said, showing a screenshot of the virus posing as a Flash video player.
"Our Android SimpleLocker detection statistics until today don’t indicate the threat to be widespread in English speaking countries," he added.
A proof of concept for the malware was originally released in June targeting Russian and Ukrainian mobile users, and has since been circulating on underground forums.
Following its release Sussex University student Simon Bell decrypted the ransomware, after spotting the password hidden in the code.
"Future versions of the ransomware will probably not reveal the decryption password so easily and will likely receive it from the C&C [command and control] server," he said.