What do a cute cat and Hitler have in common? Both are featured in ransomware; Hitler targets PCs and the cat-themed ransomware targets Androids.
Both are also considered to be under development at this time, meaning neither is currently a big, bad boogeyman threat let loose in the wild to infect the masses. Things could change if either ransomware is fully developed.
Cat-themed ransomware for Android
If some creep is going to lock up your phone screen, then seeing a cat is surely better than seeing Hitler. Yet if your Android showed the cat below and nothing more, and you couldn’t move beyond the screen, then the cat would seem considerably less cute. You might not realize the kitty represented ransomware, since it comes with no ransom note.
The McAfee Labs Mobile Malware Research team, which discovered the ransomware for Android, said it can encrypt files on an SD card, silently steal text messages and block access to the Android.
Once El Gato, Spanish for “the cat,” is installed, the attacker can control the ransomware and send commands to the Android via a web-based control panel. McAfee Labs researcher Fernando Ruiz said the malware runs on a legitimate cloud service provider and has botnet capabilities. The commands which can be sent include:
The kicker is that the malware uses AES encryption with a hardcoded password, making decryption “trivial.” It’s likely this ransomware isn’t ready for prime-time attacks and is still a malicious work in progress.
This ransomware variant looks like a demo version used to commercialize malware kits for cybercriminals because the control server interface is not protected and includes in the code words such as MyDificultPassw.
After an attacker purchased such an exploit on a black market, the hacker would try to trick the targeted people or companies into becoming infected “via phishing campaigns, Trojanized apps, social media networks, or other social engineering techniques.”
Hopefully, the cat-themed Android ransomware will never move out of the development stage. The researchers reached out to the owners of the abused servers and asked them to take down the malicious service.
Grammar Nazis might flip after seeing the Hitler ransomware includes a typo on the lock screen, declaring it is the “Hitler-Ransonware.”
Like the cat-themed ransomware for Android, this malware is believed to still be under development. Bleeping Computer reported the Hitler ransomware doesn’t encrypt files as it claims to have done on the locked PC screen which features a picture of Hitler; based on German text in the code, the developer seems to have German roots. When translated to English, the Hello World text states, “This is a test” and “I am a Pro.”
Bleeping Computer reported:
This ransomware appears to be a test variant based on the comments in the embedded batch file and because it does not encrypt any files at all. Instead this malware will remove the extension for all of the files under various directories, display a lock screen, and then show a one-hour countdown.
Instead of demanding a bitcoin ransom, the victim is told to pay up via a €25 “Vodafone card” – which is about $28 – and then enter the code found on the card. While this is uncommon, it is not the first ransomware to demand payment via gift cards such as from iTunes or Amazon.
After the hour is up, the ransomware crashes the victim’s computer and shows the dreaded Blue Screen of Death (BSOD). Upon reboot, it deletes all files listed in the user’s profile folder.
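The extension-stripping behaviour Bleeping Computer describes leaves a distinctive trace: one process renaming many files to the same name minus the extension in a short burst. The following detection sketch is an added example, not code from the article or from either research team; the event tuple layout, the sample events, the process IDs and the window and threshold values are all assumptions made for illustration.

```python
from collections import defaultdict
from pathlib import PureWindowsPath

# Constructed sample rename events: (epoch seconds, pid, old path, new path).
# A real feed would come from file-system audit or EDR telemetry (assumption).
EVENTS = [
    (1000 + i, 4242,
     rf"C:\Users\ann\Documents\file{i}.docx",
     rf"C:\Users\ann\Documents\file{i}")
    for i in range(6)
]
EVENTS += [
    (1001, 100, r"C:\Users\ann\notes.txt", r"C:\Users\ann\notes_old.txt"),
    (1002, 100, r"C:\Users\ann\todo.txt", r"C:\Users\ann\todo"),
]


def is_extension_strip(old, new):
    """True when a rename keeps the folder and base name but drops the extension."""
    o, n = PureWindowsPath(old), PureWindowsPath(new)
    return bool(o.suffix) and o.parent == n.parent and n.name == o.stem


def find_extension_strippers(events, window=10, threshold=5):
    """Return pids that stripped extensions from >= threshold files within window seconds."""
    strips = defaultdict(list)
    for ts, pid, old, new in events:
        if is_extension_strip(old, new):
            strips[pid].append(ts)

    flagged = set()
    for pid, times in strips.items():
        times.sort()
        start = 0
        # Sliding window over the sorted timestamps of this process.
        for end in range(len(times)):
            while times[end] - times[start] > window:
                start += 1
            if end - start + 1 >= threshold:
                flagged.add(pid)
                break
    return flagged


if __name__ == "__main__":
    print("Suspicious pids:", sorted(find_extension_strippers(EVENTS)))
```

A single user-initiated rename that drops an extension (pid 100 in the sample) stays below the threshold, so only the burst from one process is flagged.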