Gamaredon’s Android Antics: Russian Malware Hits Former Soviet States
Russian APT group Gamaredon has upped its game with BoneSpy and PlainGnome, the first mobile malware families tied to them. These Android spyware tools are snooping on Russian-speaking victims in former Soviet states. With a sneaky two-stage deployment, PlainGnome disguises itself as innocent apps, proving even malware likes to play dress-up!
Hot Take:
Looks like Gamaredon has finally graduated to the big leagues of mobile malware, sending BoneSpy and PlainGnome on a field trip to the former Soviet states. Move over James Bond, there’s a new spy in town, and it’s got a penchant for Android devices!
Key Points:
- Gamaredon, a Russian-linked APT, has developed two new Android spyware tools: BoneSpy and PlainGnome.
- These malware families target Russian-speaking victims in former Soviet states, with no confirmed Ukrainian victims.
- BoneSpy shows roots in the Russian open-source app DroidWatcher, whereas PlainGnome is unique but similar in theme.
- PlainGnome employs a sneaky two-stage deployment process, mimicking benign apps to slip under the radar.
- Distribution methods are unclear but suspected to involve social engineering with fake apps like a trojanized Telegram.
Already a member? Log in here