Lucy ransomware encrypts data on mobile devices using AES and then demands a $200 ransom via OneVanilla card to decrypt the files. It is designed for Android devices only.
GravityRAT makes a come back with versions for Android and MAC. It was previously know as for spying on Windows users only. It is capable of retrieving device data, contact lists, email addresses, call logs and SMS messages and can ex-filtrate various types of documents and files.
This is an Andorid Locker application that upon execute abuse android.permission.SYSTEM_ALERT_WINDOW and ask for a code to close the alert. It did not ask for ransom just an annoying alert box.
Cerberus Android Banking Trojan is back with more power and benefiting from the COVID-19 pandemic fear. It can by-pass Google Authenticator two-factor authentication which is considered more secure alternative to SMS.
EventBot is an android banking Trojan that steal user name passwords and crypto-wallets from its victims. It steal information from more that 200+ apps. It can read user SMS and thus bypass Two factor authentication.