[chisleu]

It's simple for the malware to check. For instance, you don't want to hit a Russian oligarch's laptop w/ ransomware just because his GPS says he is in another country. You don't want to trust the outbound ip because they might be on a VPN, etc. This is more broad and simple and easy. Can you think of a better way?

[charcircuit]

You could check what language the operating is set to, or the browser bookmarks /history to name a couple.

Checking installed keyboards is somewhat obscure and sounds like something someone cleverly came up with and I'm interested in how is sprea

[zarzavat]

Language wouldn't work, many bilingual people prefer to have their UI language set to English even if it's not their native language.