GCat is a backdoor trojan written in the Python programming language. It is a stand-alone executable that uses the PyInstaller program. The trojan downloads executables and executes shell-commands. Additionally, it can take screenshots, record keylogs, and upload files. Attackers control the backdoor using a Gmail account, making it difficult to detect the malicious traffic in the network.


  • December 2015: GCat was found in the networks of the targeted Ukraine power companies. (ESET)

Technical Details

  • Darknet provides technical details on the GCat trojan, here.

One example of the GCat trojan. Image Source: Darknet

Trojan VariantsNJCCICGCat