
New 'El Gato' Android ransomware may sound cute, but it packs a punch

A killer software cat may be coming for your text messages, according to a threat report by McAfee Labs Mobile Malware Research team. It’s been dubbed “El Gato” — “The Cat,” in Spanish — because the Android malware’s code contains, of all things, an image of a yowling tabby.

McAfee discovered an instance of El Gato running on a compromised server, but noted that it appeared inert — it wasn’t password protected, and “included code words such as MyDifficultPassw.” 


Unlike the pictured kitty, El Gato is anything but cute and cuddly. The malicious software is a form of ransomware, code that renders a device unusable until the victim forks over money. This one is particularly sophisticated, from the sound of it — El Gato can encrypt files, steal text messages, and even “block access” to the affected handset or tablet entirely.


El Gato accomplishes most of its nasty shenanigans remotely, via a connection with an offshore server. It constantly monitors an infected device’s internet connection for commands and, once it receives them, executes them. Among the most common functions McAfee’s researchers discovered were sending messages from the infected device, forwarding and deleting text messages, locking the device’s screen, and crashing a specific application. Worryingly, it’s capable of performing many of those tasks clandestinely, in the background, making them effectively invisible to victims.

The image contained in El Gato’s code.

Most of El Gato’s commands are dispatched through a surprisingly polished web-based interface, said McAfee. They can be executed in sequence or individually — stealing a text message, frighteningly, is as easy as clicking a button in a web browser.

Perhaps worse yet, El Gato is capable of encrypting all files on the device’s internal storage — rendering it essentially unusable without the randomly generated password. It contains a means of reversing the damage — the malware can decrypt any file it secures — but presumably only after an affected user hands over whatever form of payment the attacker demands.

There’s good news, though: as far as malware goes, El Gato is relatively harmless. It hasn’t been observed in the wild yet, and its traffic is entirely unencrypted, making it susceptible to countermeasures. In other words, El Gato’s commands could be intercepted, isolated, and rendered harmless.

El Gato may be the latest instance of ransomware to emerge on Android, but it’s hardly the first. In May, cybersecurity analysts at Malwarebytes Labs discovered Cyber.Police, a malicious app that displayed a countdown timer, threatening message, and an explicit pornographic image to victims. It demanded that users purchase iTunes gift cards in exchange for an unlock code — a component which El Gato thankfully lacks, as of yet.

Kyle Wiggers
Former Digital Trends Contributor