In a new report, security researchers have identified two new spyware infections targeting Android users by the Russian cyber espionage group Gamaredon. These spyware, called BoneSpy and PlainGnome, were developed to steal user data and spy on users. In particular, BoneSpy spreads via trojan-infected applications, while PlainGnome stands out for its advanced features.
BoneSpy: Trojan-infected fake applications
According to Lookout’s report, BoneSpy has features such as collecting SMS messages, recording phone calls and tracking GPS data. In addition, sensitive data on the device such as browser history, search details, e-mail addresses and screenshots are also captured by spyware.
BoneSpy usually infects users through fake applications. These applications include the following:
- Battery charge monitor applications
- Photo gallery applications
- Fake Samsung Knox apps
- Trojan-laden Telegram applications under the name of ‘beta’ version.
- PlainGnome: Advanced data theft techniques
PlainGnome is a spyware developed from scratch by Gamaredon… This software has similar features to BoneSpy, but uses a two-stage installation process. In the first stage, the installer positions the malicious payload on the device. Then the payload is activated, which performs the data theft.
The report states that this malware does not spread through Google Play. However, it is thought that users often download applications containing this spyware from third-party websites.
In this sense, as we have stated many times before, experts recommend that Android users should not install .apk by downloading applications from unknown sources and use up-to-date security software. In this sense, be careful to install applications only from official stores to ensure the security of your device.