Russian FSB Hackers Unleash Dangerous New Android Spyware Campaign

Russian Cyberspies Deploy New Android Spyware Arsenal

Russian state-backed hacking group Gamaredon has expanded its cyber espionage capabilities with two sophisticated Android spyware families: BoneSpy and PlainGnome. Security firm Lookout recently uncovered these tools targeting Russian-speaking individuals in former Soviet states.

BoneSpy: The First Wave
– Active since 2021
– Based on open-source DroidWatcher surveillance app
– Distributed through fake Telegram apps and Samsung Knox impersonation
– Key capabilities:
  * SMS message collection
  * Audio and call recording
  * GPS tracking
  * Camera access and screenshot capture
  * Browser history monitoring
  * Contact and call log extraction
  * Clipboard and notification access

PlainGnome: The Evolution
– Emerged in 2024
– Custom-built surveillance malware
– Features two-stage installation process
– Advanced capabilities include:
  * All BoneSpy features
  * Smart data exfiltration using Jetpack WorkManager
  * Stealth recording during device idle state
  * Enhanced operational security measures

Security Implications
– Neither spyware appears on Google Play Store
– Distribution through targeted social engineering
– Google Play Protect offers protection against known variants
– Marks Gamaredon’s first documented mobile malware campaign
– Represents significant expansion of FSB-linked group’s capabilities
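A defender-side triage heuristic that follows from the capability list above and the point that neither family is distributed through Google Play, added here as an example and not code from Lookout or the article: it parses abridged `adb shell dumpsys package` output and flags packages that were not installed by the Play Store (`com.android.vending`) yet request a cluster of the surveillance permissions the article describes. The sample dumpsys text and the package name `com.example.telegram.update` are constructed, and the three-permission threshold is an assumption.

```python
import re
# Android permissions matching the capabilities the article lists for BoneSpy/PlainGnome.
SURVEILLANCE_PERMS = {
    "android.permission.READ_SMS": "SMS collection",
    "android.permission.RECORD_AUDIO": "audio/call recording",
    "android.permission.ACCESS_FINE_LOCATION": "GPS tracking",
    "android.permission.CAMERA": "camera access",
    "android.permission.READ_CONTACTS": "contact extraction",
    "android.permission.READ_CALL_LOG": "call log extraction",
}
PLAY_STORE_INSTALLER = "com.android.vending"
MIN_HITS = 3  # heuristic threshold chosen for this example; tune per fleet
# Constructed, abridged `adb shell dumpsys package` output; the second package name is made up.
SAMPLE_DUMPSYS = """\
Package [org.telegram.messenger] (1a2b3c):
  installerPackageName=com.android.vending
  requested permissions:
    android.permission.RECORD_AUDIO
    android.permission.CAMERA
    android.permission.READ_CONTACTS
Package [com.example.telegram.update] (4d5e6f):
  installerPackageName=null
  requested permissions:
    android.permission.READ_SMS
    android.permission.RECORD_AUDIO
    android.permission.ACCESS_FINE_LOCATION
    android.permission.READ_CALL_LOG
  install permissions:
    android.permission.INTERNET: granted=true
"""

def parse_dumpsys_packages(text):
    """Parse abridged `dumpsys package` output into {pkg: {"installer", "perms"}}."""
    packages = {}
    for block in re.split(r"^(?=Package \[)", text, flags=re.M)[1:]:
        pkg = re.match(r"Package \[([\w.]+)\]", block).group(1)
        inst = re.search(r"installerPackageName=(\S*)", block)
        installer = inst.group(1) if inst and inst.group(1) not in ("", "null") else None
        req = re.search(r"requested permissions:\n((?:[ \t]+\S+\n)*)", block)  # stops at next section
        perms = set(req.group(1).split()) if req else set()
        packages[pkg] = {"installer": installer, "perms": perms}
    return packages

def triage(text):
    """Flag sideloaded packages that hold a surveillance-style permission cluster."""
    findings = []
    for pkg, info in parse_dumpsys_packages(text).items():
        hits = sorted(SURVEILLANCE_PERMS[p] for p in info["perms"] if p in SURVEILLANCE_PERMS)
        if info["installer"] != PLAY_STORE_INSTALLER and len(hits) >= MIN_HITS:
            findings.append({"package": pkg, "installer": info["installer"], "capabilities": hits})
    return findings
```

Run `triage(SAMPLE_DUMPSYS)` to see that the Play-Store-installed Telegram package is not flagged even though it legitimately holds three of the permissions, while the sideloaded look-alike is.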

This development signals a strategic shift in state-sponsored surveillance, highlighting the growing importance of mobile devices as intelligence gathering targets.