The Russian cyberspy group Gamaredon has newly been found to use the BoneSpy and PlainGnome spyware families to spy on and steal data from Android users.
According to Lookout, the first to discover the two malware families, BoneSpy has been around since 2021 while PlainGnome came out in 2024. They apparently target Russian-speaking countries.
Also known as “Shuckworm”, Gamaredon is suspected of operating under Russia’s Federal Security Agency, and its operations are closely linked to Russia’s national geopolitical interests.
BoneSpy and PlainGnome are the first recorded cases of Gamaredon attacks, but it’s believed that the group behind them has used different malware tools.
BoneSpy is reportedly usually spread as trojanized Telegram apps or by posing as Samsung Knox. It is based on the open-source DroidWatcher, which has been around since 2013.
Development of BoneSpy peaked in 2022, and the malware has numerous capabilities, such as collecting SMS messages, taking pictures with the camera, capturing screenshots, and reading device notifications.
Meanwhile, PlainGnome is much newer and Lookout said it’s still being actively developed. It features a two-stage installation process that makes it much less conspicuous and more versatile.
It has all the capabilities of BoneSpy, with additions such as the use of Jetpack WorkManager to steal data when the device is idle, which helps it avoid detection.
Lookout noted that neither malware is present on the Google Play Store. To keep your device safe, make sure to download apps only from official sources.
Via: Bleeping Computer