Svpeng, discovered in July 2013 by Kaspersky Lab, is a Trojan that targets Android devices. Originally, Svpeng was designed to steal credit card information from Russian bank customers. Since its inception, Svpeng has evolved into ransomware, locking phones, displaying a message that accuses the user of accessing child pornography and demanding that a fine be paid for the offense before the phone lock can be removed. Since June 2014, the Svpeng mobile ransomware started targeting Android users in the United States, demanding a $200 payment via MoneyPak. However, reports show that this ransomware has also targeted and infected mobile devices across the globe from the UK to India. Additionally, this nasty ransomware was reported to have infected 900,000 phones in the first 30 days it was released.
As Svpeng was originally created to steal credit card information, it also makes sense that the ransomware is very aware of the banking apps on the mobile devices that it infects. While Svpeng does not presently use this data against its American victims, there is a chance that the ransomware can evolve in order to compromise its victims’ banking apps in the future, as it did for its Russian victims. Svpeng checks for banking apps on its victims’ mobile devices before locking the device and demanding a ransom.