IT Security: Thugs developing cat-themed ransomware for Androids and Hitler ransomware for PCs

Cat-themed ransomware targeting Androids can encrypt files and silently steal text messages; Hitler ransomware targeting PCs demands payment via a gift card; after one hour, the user’s files are deleted

What do a cute cat and Hitler have in common? Both are featured in ransomware; Hitler targets PCs and the cat-themed ransomware targets Androids.

Both are also considered to be under development at this time, meaning neither is currently a big, bad boogeyman threat let loose in the wild to infect the masses. Things could change if either ransomware is fully developed.

Cat-themed ransomware for Android

If someone is going to lock up your phone screen, then seeing a cat is surely better than seeing Hitler. Yet if your Android showed the cat below and nothing more, and you couldn’t move beyond the screen, then the cat would seem considerably less cute. You might not realize the kitty represented ransomware, since it comes with no ransom note.

The McAfee Labs Mobile Malware Research team, which discovered the ransomware for Android, said it can encrypt files on an SD card, silently steal text messages and block access to the Android.

Once El Gato, Spanish for “the cat,” is installed, the attacker can control the ransomware and send commands to the Android via a web-based control panel. McAfee Labs researcher Fernando Ruiz said the malware runs on a legitimate cloud service provider and has botnet capabilities. The commands which can be sent include:

The kicker is that the malware uses AES encryption with a hardcoded password, making decryption “trivial”. It’s likely this ransomware isn’t ready for prime-time attacks and is still a malicious work in progress.

After an attacker purchased such an exploit on a black market, the hacker would try to trick the targeted people or companies into becoming infected “via phishing campaigns, Trojanized apps, social media networks, or other social engineering techniques”.

Hopefully, the cat-themed Android ransomware will never move out of the development stage. The researchers reached out to the owners of the abused servers and asked them to take down the malicious service.

Hitler-themed ransomware

Grammar Nazis might flip after seeing the Hitler ransomware includes a typo on the lock screen, declaring it is the “Hitler-Ransonware”.

AVG malware analyst Jakub Kroustek discovered the threat and reported it to Bleeping Computer.

Like the cat-themed ransomware for Android, this malware is believed to still be under development. Bleeping Computer reported that the Hitler ransomware doesn’t encrypt files, despite the claim on its lock screen, which features a picture of Hitler. Based on German text in the code, the developer seems to have German roots. When translated to English, the Hello World text states, “This is a test” and “I am a Pro”.

Instead of demanding a bitcoin ransom, the victim is told to pay up via a €25 “Vodafone card” – which is about $28 – and then enter the code found on the card. While this is uncommon, it is not the first ransomware to demand payment via gift cards such as from iTunes or Amazon.

After the hour is up, the ransomware crashes the victim’s computer and shows the dreaded Blue Screen of Death (BSOD). Upon reboot, it deletes all files listed in the user’s profile folder.
