Xbot is an Android malware family that was observed in 2016 primarily targeting Android users in Russia and Australia. 
Xbot can encrypt the victim's files in external storage (e.g., SD card) and then request a PayPal cash card as ransom.
Xbot can remotely lock infected Android devices and ask for a ransom.
Xbot uses phishing pages mimicking Google Play's payment interface as well as bank login pages.
Xbot steals all SMS messages and contact information, and it intercepts and parses certain SMS messages.