
New 'El Gato' Android ransomware may sound cute, but it packs a punch

A killer software cat may be coming for your text messages, according to a threat report by McAfee Labs Mobile Malware Research team. It’s been dubbed “El Gato” — “The Cat,” in Spanish — because the Android malware’s code contains, of all things, an image of a yowling tabby.

McAfee discovered an instance of El Gato running on a compromised server, but noted that it appeared inert — it wasn’t password protected, and “included code words such as MyDifficultPassw.” 


Unlike the pictured kitty, El Gato is anything but cute and cuddly. The malicious software is a form of ransomware, code that renders a device unusable until the victim forks over money. This one is particularly sophisticated, from the sound of it — El Gato can encrypt files, steal text messages, and even “block access” to the affected handset or tablet entirely.

El Gato accomplishes most of its nasty shenanigans remotely, via a connection with an offshore server. It constantly monitors an infected device’s internet connection for commands and, once it receives them, executes them. Among the most common functions McAfee’s researchers discovered were sending messages from the infected device, forwarding and deleting text messages, locking the device’s screen, and crashing a specific application. Worryingly, it’s capable of performing many of those tasks clandestinely, in the background, making them effectively invisible to victims.

The image contained in El Gato's code.

Most of El Gato’s commands are dispatched through a surprisingly polished web-based interface, said McAfee. They can be executed in sequence or individually — stealing a text message, frighteningly, is as easy as clicking a button in a web browser.

Perhaps worse yet, El Gato is capable of encrypting all files on the device’s internal storage, rendering it essentially unusable without the password the malware randomly generates. It contains a means of reversing the damage (the malware can decrypt any file it secures), but presumably only after an affected user hands over whatever form of payment the attacker demands.

There’s good news, though: as far as malware goes, El Gato is relatively harmless. It hasn’t been observed in the wild yet, and its traffic is entirely unencrypted, making it susceptible to countermeasures. In other words, El Gato’s commands could be intercepted, isolated, and rendered harmless.

El Gato may be the latest instance of ransomware to emerge on Android, but it’s hardly the first. In May, cybersecurity analysts at Malwarebytes Labs discovered Cyber.Police, a malicious app that displayed a countdown timer, threatening message, and an explicit pornographic image to victims. It demanded that users purchase iTunes gift cards in exchange for an unlock code — a component which El Gato thankfully lacks, as of yet.

Kyle Wiggers
Former Digital Trends Contributor