Another day, another instance of ransomware emerges on Android, according to a threat report by McAfee Labs Mobile Malware Research team. It’s been dubbed “El Gato†(“The Cat,†in Spanish) because the malware’s code contains an image of a yowling kitty.
McAfee discovered an instance of El Gato running on a compromised server, but noted that it appeared inert  it wasn’t password protected, and “included code words such as MyDifficultPassw.â€ÂÂÂ
El Gato is malicious software in the form of ransomware, code that renders a device unusable until the victim forks over money. This one is particularly sophisticated as El Gato can encrypt files, steal text messages, and even “block access†to the affected handset or tablet entirely.
El Gato accomplishes most of its work remotely, via a connection with an offshore server. It constantly monitors an infected device’s internet connection for commands and, once it receives them, executes on them.
Among the most common functions McAfee’s researchers discovered were sending messages from the infected device, forwarding and deleting text messages, locking the device’s screen, and crashing a specific application. Worryingly, it’s capable of performing many of those tasks clandestinely, in the background, making them effectively invisible to victims.
Most of El Gato’s commands are dispatched through a surprisingly polished web-based interface, said McAfee. They can be executed in sequence or individually  stealing a text message is as easy as clicking a button in a web browser.
El Gato is capable of encrypting all files on the device’s internal storage, rendering it essentially unusable without the randomly generated password it generates. It contains a means of reversing the damage  the malware has can decrypt any file it secures  but presumably only after an affected user hands over whatever form of payment the attacker demands.
The good news is El Gato hasn’t been observed in the wild yet, and its traffic is entirely unencrypted, making it susceptible to countermeasures. In other words, El Gato’s commands could be intercepted, isolated, and rendered harmless.
“These kinds of threats are usually distributed by attackers who buy exploit kits on black markets and who want to attack a specific company or group of people. The attackers often use phishing campaigns, Trojanized apps, social media networks, or other social engineering techniques,” McAfee says.