ScarePakage ransomware warns Android users of FBI probe

Lookout has identified what it calls ScarePakage mobile ransomware that not only renders phones inoperable and data inaccessible, but sends users a message that they are being investigated by the FBI in an attempt to extort several hundred dollars via a MoneyPak voucher.

The ransomware masquerades as popular apps such as Adobe Flash and anti-virus apps, then acts as if its scanning a victim's phone, according to a blog post penned by Lookout's Meghan Kelly. 

Once the “scan” is complete, it locks the phone and makes it difficult to turn off. ScarePakage uses a Java TimerTask, running every 10 milliseconds, to effectively kill other running processes that a user might interact with. An Android WakeLock keeps the device from going to sleep. 

The ransomware, which can steal a user's IMEI, is very similar to ransomware known as ColdBrother or Svpeng.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.