Thugs developing cat-themed ransomware for Androids and Hitler ransomware for PCs

Cat-themed ransomware targeting Androids can encrypt files and silently steal text messages; Hitler ransomware targeting PCs demands payment via a gift card; after one hour, the user's files are deleted.


What do a cute cat and Hitler have in common? Both are featured in ransomware; Hitler targets PCs and the cat-themed ransomware targets Androids.

Both are also considered to be under development at this time, meaning neither is currently a big, bad boogeyman threat let loose in the wild to infect the masses. Things could change if either ransomware is fully developed.

Cat-themed ransomware for Android

If some creep is going to lock up your phone screen, then seeing a cat is surely better than seeing Hitler. Yet if your Android showed the cat below and nothing more, and you couldn’t move beyond the screen, then the cat would seem considerably less cute. You might not realize the kitty represented ransomware, since it comes with no ransom note.

ElGato, cat themed Android ransomware

The McAfee Labs Mobile Malware Research team, which discovered the ransomware for Android, said it can encrypt files on an SD card, silently steal text messages and block access to the Android.

Once El Gato, Spanish for “the cat,” is installed, the attacker can control the ransomware and send commands to the Android via a web-based control panel. McAfee Labs researcher Fernando Ruiz said the malware runs on a legitimate cloud service provider and has botnet capabilities. The commands which can be sent include:

Web based control panel can send commands for cat-themed Android ransomware

The kicker is that the malware uses AES encryption with a hardcoded password, making decryption “trivial.” It’s likely this ransomware isn’t ready for prime-time attacks and is still a malicious work in progress.
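For anyone triaging a sample like this, a hardcoded key typically shows up in decompiled source as a string literal feeding the key constructor. The following is an added example, not McAfee's tooling or El Gato's code: a small Python check over a constructed Java snippet (the class, method names and key literal are all made up) that reports AES keys built from literals and ignores keys supplied at runtime.

```python
import re

# Constructed sample of decompiled Java. This is NOT El Gato's code: the class,
# the methods and the 16-byte key literal are hypothetical, made up for this example.
SAMPLE = '''
public class Locker {
    private static final String PASS = "CONSTRUCTED_KEY!";
    byte[] lock(byte[] data) throws Exception {
        SecretKeySpec k = new SecretKeySpec(PASS.getBytes("UTF-8"), "AES");
        Cipher c = Cipher.getInstance("AES");
        c.init(Cipher.ENCRYPT_MODE, k);
        return c.doFinal(data);
    }
    byte[] fetch(String keyFromServer) throws Exception {
        return new SecretKeySpec(keyFromServer.getBytes("UTF-8"), "AES").getEncoded();
    }
}
'''

# String constants assigned from a literal, e.g. String PASS = "...";
CONST = re.compile(r'\bString\s+(\w+)\s*=\s*"([^"]*)"\s*;')
# new SecretKeySpec(<literal or identifier>.getBytes(...), "<algorithm>"
KEYSPEC = re.compile(
    r'new\s+SecretKeySpec\s*\(\s*(?:"([^"]*)"|(\w+))\s*\.getBytes\([^)]*\)\s*,\s*"(\w+)"'
)

def find_hardcoded_keys(source):
    """Return (line_no, algorithm, literal) for every key built from a string literal."""
    constants = {m.group(1): m.group(2) for m in CONST.finditer(source)}
    findings = []
    for line_no, line in enumerate(source.splitlines(), 1):
        for m in KEYSPEC.finditer(line):
            literal, name, algo = m.groups()
            if literal is None:
                literal = constants.get(name)  # resolve a named string constant
            if literal is not None:            # runtime-supplied keys stay unresolved
                findings.append((line_no, algo, literal))
    return findings

if __name__ == "__main__":
    for line_no, algo, literal in find_hardcoded_keys(SAMPLE):
        print(f"line {line_no}: {algo} key from hardcoded literal ({len(literal)} bytes)")
```

A hit means the same key is in every copy of the app, which is why files encrypted this way can be recovered without paying anyone.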

Ruiz noted:

This ransomware variant looks like a demo version used to commercialize malware kits for cybercriminals because the control server interface is not protected and includes in the code words such as MyDificultPassw.

After an attacker purchased such an exploit on a black market, the hacker would try to trick the targeted people or companies into becoming infected “via phishing campaigns, Trojanized apps, social media networks, or other social engineering techniques.”

Hopefully, the cat-themed Android ransomware will never move out of the development stage. The researchers reached out to the owners of the abused servers and asked them to take down the malicious service.

Hitler-themed ransomware

Grammar Nazis might flip after seeing the Hitler ransomware includes a typo on the lock screen, declaring it is the “Hitler-Ransonware.”

AVG malware analyst Jakub Kroustek discovered the threat and reported it to Bleeping Computer.

Hitler ransomware and grammar Nazis Jakub Kroustek

Like the cat-themed ransomware for Android, this malware is believed to still be under development. Bleeping Computer reported that the Hitler ransomware doesn’t encrypt files, despite the claim it makes on the locked PC screen, which features a picture of Hitler. Based on German text in the code, the developer seems to have German roots. When translated to English, the Hello World text states, “This is a test” and “I am a Pro.”

Bleeping Computer reported:

This ransomware appears to be a test variant based on the comments in the embedded batch file and because it does not encrypt any files at all. Instead this malware will remove the extension for all of the files under various directories, display a lock screen, and then show a one-hour countdown.

Instead of demanding a bitcoin ransom, the victim is told to pay up via a €25 “Vodafone card” – which is about $28 – and then enter the code found on the card. While this is uncommon, it is not the first ransomware to demand payment via gift cards such as from iTunes or Amazon.

After the hour is up, the ransomware crashes the victim’s computer and shows the dreaded Blue Screen of Death (BSOD). Upon reboot, it deletes all files listed in the user’s profile folder.
