Russian FSB Hackers Unleash New Android Spyware Arsenal Against Soviet States

Russia’s Gamaredon Group Expands Arsenal with New Android Spyware

Cybersecurity researchers have discovered that the Russian state-sponsored threat actor Gamaredon has developed two new Android spyware tools: BoneSpy and PlainGnome. This marks the group’s first venture into mobile-specific malware development.

According to Lookout’s analysis, both spyware variants target Russian-speaking populations in former Soviet states, collecting sensitive data including:
– SMS messages
– Call logs and audio
– Camera photos
– Device location
– Contact lists

BoneSpy, operational since 2021, is a standalone application derived from DroidWatcher spyware. PlainGnome, emerging in 2023, functions as a dropper requiring special permissions to install additional payloads.

Target countries likely include:
– Uzbekistan
– Kazakhstan
– Tajikistan
– Kyrgyzstan

The malware is reportedly distributed through social engineering tactics, disguising itself as legitimate applications such as:
– Battery monitoring tools
– Photo gallery apps
– Samsung Knox
– Modified Telegram client

Attribution to Gamaredon was confirmed through shared infrastructure patterns, including dynamic DNS providers and overlapping command-and-control IP addresses. This expansion into mobile malware represents a significant evolution in the FSB-affiliated group’s capabilities, though no evidence suggests deployment against its traditional Ukrainian targets.

Both spyware variants attempt to gain root access and collect comprehensive device data, including browser history, ambient audio, notifications, and cellular service information.
