Russian FSB Hackers Unleash Dangerous New Android Spyware Campaign

Russian Cyberspies Deploy New Android Spyware for Mobile Surveillance

Security researchers at Lookout have uncovered two sophisticated Android spyware families, BoneSpy and PlainGnome, developed by the Russian cyber-espionage group Gamaredon (also known as Shuckworm). This marks the group’s first documented expansion into mobile device targeting.

BoneSpy: The Earlier Variant
– Active since 2021
– Based on the open-source DroidWatcher surveillance app
– Distributed through fake Telegram apps and Samsung Knox impersonation
– Core capabilities include:
* SMS message collection
* Audio and call recording
* Location tracking
* Camera access and screenshot capture
* Browser history monitoring
* Contact and call log extraction
* Clipboard and notification access

PlainGnome: The Advanced Evolution
– Emerged in 2024
– Custom-built surveillance malware
– Features a two-stage installation process
– Enhanced capabilities include:
* All BoneSpy features plus:
* Smart data exfiltration during device idle time
* Stealth recording mode
* Advanced persistence mechanisms

Distribution and Targeting
– Neither spyware family appears on the Google Play Store
– Primarily targets Russian-speaking individuals in former Soviet states
– Deployment through social engineering and targeted website downloads
– Requires dangerous permission approvals masked as communication app features
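
As an added example (not from Lookout's report or this article), the following Python triage flags apps that were not installed by Google Play and hold several of the permissions behind the capabilities listed above. The capability-to-permission mapping, the threshold and the inventory records are assumptions constructed for illustration.

```python
# Added example: triage a device app inventory for sideloaded apps that hold
# the permission set behind the surveillance capabilities listed above.
P = "android.permission."
PLAY_INSTALLER = "com.android.vending"  # installer package name of Google Play

# Assumed mapping from the article's capability list to Android permissions.
# Clipboard, browser history and notification access are left out because
# they are not gated by a runtime permission that could be keyed on here.
CAPABILITY_PERMISSIONS = {
    "sms": {P + "READ_SMS", P + "RECEIVE_SMS"},
    "audio": {P + "RECORD_AUDIO"},
    "location": {P + "ACCESS_FINE_LOCATION", P + "ACCESS_COARSE_LOCATION"},
    "camera": {P + "CAMERA"},
    "contacts": {P + "READ_CONTACTS"},
    "call_log": {P + "READ_CALL_LOG"},
}

def capabilities(granted):
    """Return sorted capability names unlocked by the granted permissions."""
    held = set(granted)
    return sorted(c for c, perms in CAPABILITY_PERMISSIONS.items() if perms & held)

def triage(inventory, threshold=4):
    """Flag apps not installed by Google Play holding >= threshold capabilities."""
    findings = []
    for app in inventory:
        if app.get("installer") == PLAY_INSTALLER:
            continue  # the article says neither family was seen on Google Play
        caps = capabilities(app.get("granted", []))
        if len(caps) >= threshold:
            findings.append({"package": app["package"], "capabilities": caps})
    return sorted(findings, key=lambda f: -len(f["capabilities"]))

# Constructed inventory records (hypothetical package names).
SAMPLE_INVENTORY = [
    {"package": "org.example.messenger", "installer": None,
     "granted": [P + "READ_SMS", P + "RECORD_AUDIO", P + "CAMERA",
                 P + "ACCESS_FINE_LOCATION", P + "READ_CONTACTS", P + "READ_CALL_LOG"]},
    {"package": "com.example.maps", "installer": PLAY_INSTALLER,
     "granted": [P + "ACCESS_FINE_LOCATION", P + "CAMERA", P + "RECORD_AUDIO",
                 P + "READ_CONTACTS"]},
    {"package": "com.example.flashlight", "installer": None,
     "granted": [P + "CAMERA"]},
]

if __name__ == "__main__":
    for finding in triage(SAMPLE_INVENTORY):
        print(finding["package"], finding["capabilities"])
```

A legitimate sideloaded messenger can reach the same threshold, so the output is a review queue for an analyst, not a verdict.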

This development demonstrates Gamaredon’s strategic shift toward mobile surveillance, reflecting the growing importance of smartphones as intelligence targets. While sophisticated in functionality, both malware families notably lack code obfuscation, making them relatively easy to analyze once detected.
