SAN FRANCISCO, Calif. – A new strain of malware targeting U.S. users of Android-based equipment employs extortion to separate mobile device owners from $300. Called ScarePackage by the security firm that first noted the problem, the malware completely locks devices and is nearly impossible to remove even if the ransom is paid.

A spokesperson for mobile antivirus firm Lookout indicated the new ransomware mimics many of the behaviors seen in similar malware that has plagued Europeans for quite some time: When a user visits a compromised website, he or she is prompted to download Adobe Flash or another well-known app in order to continue. Once the user downloads and installs the malicious fake, a warning screen claiming to be from the FBI accuses the user of viewing illegal pornography and demands payment of a fine via a cash service in order to unlock the device.

Lookout calls ScarePackage “highly concerning” because it requires administrator-level access in order to attack. Once admin privileges are granted, the malware disables all other applications. The user cannot escape the warning screen even by rebooting the device. Attempts to navigate away from the warning screen are fruitless.

Even paying the ransom does not unlock the device once admin privileges have been granted, according to Lookout.

“ScarePakage is likely created by Russian or other Eastern European authors given language cues used in the application that we observed,” Lookout representative Meghan Kelly explained in a blog post. “Unfortunately, this ransomware is hard to remove if you give this malware device administrator privileges.”

The usual advice applies, Kelly noted: Protect mobile equipment with antivirus software, be suspicious of sites that require downloads in order to view their contents, and avoid granting administrator privileges to downloaded apps unless absolutely certain the apps are provided by a trusted source and are what they claim to be.