The Russian hacker group Gamaredon has developed spyware to monitor Android users. The malicious programs BoneSpy and PlainGnome target Russian-speaking users in the countries of the former USSR.
BoneSpy, which has been operating since 2021, is based on the open-source application DroidWatcher. It can steal SMS messages, record calls and surrounding sounds, track location, and access browsing history and contacts.
PlainGnome, which appeared in 2024, is more complex. It uses a two-stage installation process, making it harder to detect. This program only records audio when the device is not in use and the screen is off, which helps avoid detection.
Both programs often masquerade as ordinary applications, such as Telegram or fake Samsung Knox services. They trick users into granting permissions to access SMS, calls, and cameras. These spyware programs are not available on Google Play and are offered for download through malicious websites.
As a reminder, Gamaredon, also known as Armageddon, is a cybercriminal organization involved in espionage and cyberattacks. It is known for its targeted attacks on organizations and individuals in Eastern Europe and the countries of the former USSR. Gamaredon uses phishing, malware, and social engineering to gain access to confidential information.
Read more on the topic:
Hackers in Russia target the Internet of Things
American company hacked by Russian hackers via Wi-Fi
Mailing list management platform attacked by hackers in Russia
