
New BoneSpy, PlainGnome Android spyware deployed by Gamaredon

Spyware and ransomware concept with digital glitch effect, spooky hooded hacker with magnifying glass stealing online identity and hacking personal web accounts.

(Adobe Stock)

Uzbekistan, Kazakhstan, Kyrgyzstan, and Tajikistan have been targeted by Russian state-backed threat operation Gamaredon — also known as Armageddon, BlueAlpha, Aqua Blizzard, and Primitive Bear — in attacks involving the novel BoneSpy and PlainGnome Android surveillance tools as part of its first-ever campaign with mobile-only malware, The Hacker News reports.

Malicious battery charge tracking and photo gallery apps, as well as a phony Samsung Knox app and a trojanized Telegram app, have been used to distribute the closely related BoneSpy and PlainGnome spyware, which collect device location, call logs, contact lists, SMS messages, and other sensitive information, according to a Lookout analysis. Lookout also found that BoneSpy, which is based on Droid-Watcher, operates as a standalone app, while PlainGnome functions as a spyware dropper. "While PlainGnome, which first surfaced this year, has many overlaps in functionality with BoneSpy, it does not appear to have been developed from the same code base," said Lookout. The report follows a discovery by Recorded Future's Insikt Group that Gamaredon had concealed GammaDrop malware infections by abusing Cloudflare Tunnels.
