El Gato

El Gato targets Android OS and is distributed via a legitimate cloud service provider. It requests and receives commands from its C2 server via unencrypted HTTP traffic. El Gato’s capabilities include: file encryption and decryption, sending and exfiltrating SMS messages, locking the infected device, and killing application processes. El Gato displays a picture of a cat on the locked device screen. The ransom payment demand for this variant is currently unknown.

  • McAfee provides more information about El Gato here.
     
  • The NJCCIC is not currently aware of any decryption tools available for El Gato.

One example of the El Gato variant. Image Source: McAfee