Initially, these so-called "police Trojans" targeted mostly European users.
After having seemingly locked the computer and geolocated the users' IP addresses, the malware would present a legitimate-looking warning purportedly coming from their country's police force about the users' alleged downloading of illegal or criminal content.
But unfortunately for users from the US and Canada, the criminals have finally began targeting them as well:
As usual, the users are asked to pay a fine - $100 in this particular case - in order to get their computer unblocked.
"UKash vouchers are not available in the US, thus the US fake police notification that spoofs the Computer Crime & Intellectual Property Section of the US Department of Justice only mentions PaySafeCard as the accepted payment method," say Trend Micro researchers.
"The criminals also took the time in adding plenty of logos of local supermarkets and chain stores where the cash vouchers are available."
According to them, there are indications that a Russian-speaking (and probably Russian-based) gang is behind this campaign and previous ones that pushed banking Trojans and a new worm onto unsuspecting users.
"We also found C&C consoles that suggest a high level of development and possible reselling of the server back-end software used to manage these attacks," the researchers say. Police Trojan attacks are here to stay – until they are done milking this cow and have to look for a fatter one, that is."
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.