First Android ransomware nets thousands of victims


Don't pay the extortionists.

Users with devices running Google's Android mobile operating system are being targeted by criminals spreading malware that encrypts files and demands money to unlock them, according to security vendor Kaspersky.

Kaspersky Lab named the Trojan Horse malware Trojan-Ransom.AndroidOS.Pletor.a, and said it has found over 2000 instances, mainly in Russia and the former Union of Soviet Socialist Republics (USSR) countries.

It was first noted in May this year, when the malware went on sale on an online virus writers' forum for US$5000, and was detected on users' devices the following month. Kaspersky believes it is the first of its kind for mobile devices.

Pletor spreads via fake pornographic sites, masquerading as a media player, or in other cases as a game or a utility app. It uses the Advanced Encryption Standard (AES) to scramble users' files, focusing on images, videos and documents.

The malware distributors demand 260 Ukrainian hryvnia (A$23.50) or 1000 to 1200 Russian rubles (A$31 - A$37) from victims to unlock devices.

Kaspersky recommended victims do not pay the ransom, as all the versions of the malware it has seen contain a key for unscrambling the encrypted files.

Ransomware has become a major nuisance for desktop users in recent years as criminals seek to extort money from victims, but mobile users have so far been saved from the scourge.

In May this year, a number of Australian and New Zealand Apple customers reported that they had been locked out of their devices, which showed a "hacked by Oleg Pliss" message and a demand of US$100 to unlock them.

The "Oleg Pliss" attack doesn't appear to have been conducted through malware infections, but through a compromise of user credentials to Apple's iCloud service. Apple has declined to provide details of the attack.

Copyright © iTnews.com.au . All rights reserved.