Security researchers have documented another first in the annals of Android malware: a trojan that encrypts photos, videos, and documents stored on a device and demands a ransom for them to be restored.

The crudeness of Android/Simplocker, as the malicious app has been dubbed, suggests it's still in the proof-of-concept phase, Robert Lipovsky, a malware researcher for antivirus provider Eset, said in a recent blog post. The malware also addresses users in Russian and demands that payments be made in Ukrainian hryvnias, an indication that it targets only people in Eastern Europe. Still, the trojan—with its combination of social engineering, strong encryption, and robust Internet architecture—could be a harbinger of more serious and widespread threats to come. After all, the first Android trojans to make hefty SMS charges also debuted in the same region.

Once installed on a device, the app delivers the following message:

WARNING your phone is locked!

The device is locked for viewing and distribution child pornography , zoophilia and other perversions.

To unlock you need to pay 260 UAH.

1. Locate the nearest payment kiosk.

2. Select MoneXy

3. Enter {REDACTED}.

4. Make deposit of 260 Hryvnia, and then press pay.

Do not forget to take a receipt!

After payment your device will be unlocked within 24 hours.

In case of no PAYMENT YOU WILL LOSE ALL DATA ON your device!”

The malware scans a handset's SD card for all files ending in jpeg, jpg, png, bmp, gif, pdf, doc, docx, txt, avi, mkv, 3gp, mp4. It then uses the advanced encryption standard to encrypt them. It's not clear if paying the ransom actually results in the files being decrypted. Eset recommends users to not pay it. According to a separate post published Friday by Sophos, users can manually remove the malware by rebooting into safe mode, as long as they don't mind permanently losing the files that have been encrypted. Sophos said it's also possible for victims to restore their files by recovering the AES key stored inside the malware, although that technique requires some effort.

The Simplocker malware comes a month after researchers reported Android-based malware that disables handsets until users pay a hefty cash payment to settle trumped-up criminal charges involving the viewing of illegal pornography . And it comes about eight months after the notorious Cryptolocker malware permanently locked the entire contents large amounts of PC hard drives unless victims paid $300.

The malware Eset analyzed was contained in an app called "Sex xionix." The title isn't available in the Google Play Store, making it likely that the app is distributed elsewhere. Android users are reminded that they should think long and hard about the risks before changing the default OS settings to accept downloads from sources other than the Play Store. They should also remember that malicious or abusive titles regularly appear in the official Google market. People should remain wary when downloading apps, particularly those with relatively few downloads or from unfamiliar developer accounts.