Lookout has identified what it calls ScarePakage mobile ransomware that not only renders phones inoperable and data inaccessible, but sends users a message that they are being investigated by the FBI in an attempt to extort several hundred dollars via a MoneyPak voucher.
The ransomware masquerades as popular apps such as Adobe Flash and anti-virus apps, then acts as if its scanning a victim's phone, according to a blog post penned by Lookout's Meghan Kelly.
Once the “scan” is complete, it locks the phone and makes it difficult to turn off. ScarePakage uses a Java TimerTask, running every 10 milliseconds, to effectively kill other running processes that a user might interact with. An Android WakeLock keeps the device from going to sleep.
The ransomware, which can steal a user's IMEI, is very similar to ransomware known as ColdBrother or Svpeng.