GCat is a backdoor trojan written in Python and distributed as a stand-alone executable packaged with PyInstaller. The trojan downloads executables and executes shell commands. It can also take screenshots, log keystrokes, and upload files. Attackers control the backdoor through a Gmail account, which makes the malicious traffic difficult to detect on the network.
- December 2015: GCat was found in the networks of the targeted Ukrainian power companies. (ESET)
- Darknet provides technical details on the GCat trojan.