Gamaredon deploys ‘BoneSpy’ and ‘PlainGnome’ Android spyware in former USSR countries



December 12, 2024Ravi LakshmananMobile Security / Cyber ​​Espionage


Two new Android spyware tools called BoneSpy and PlainGnome have been attributed to the Russia-linked, state-sponsored threat actor tracked as Gamaredon, marking the first time the adversary has been found using mobile-only malware families in its attacks.

“BoneSpy and PlainGnome target former Soviet countries and focus on Russian-speaking victims,” Lookout said in the analysis. “Both BoneSpy and PlainGnome collect data such as SMS messages, call logs, phone conversation audio, photos from device cameras, device location, and contact lists.”

Gamaredon, also known as Aqua Blizzard, Armageddon, BlueAlpha, Hive0051, Iron Tilden, Primitive Bear, Shuckworm, Trident Ursa, UAC-0010, UNC530, and Winterflounder, is a hacking group affiliated with Russia’s Federal Security Service (FSB).


Recorded Future’s Insikt Group last week revealed the threat actor’s use of Cloudflare Tunnels as a tactic to conceal its staging infrastructure hosting malicious payloads such as GammaDrop.

BoneSpy is believed to have been around since at least 2021. PlainGnome, on the other hand, only emerged earlier this year. The campaign’s possible targets are Uzbekistan, Kazakhstan, Tajikistan, and Kyrgyzstan, based on VirusTotal submissions of the artifacts. At this stage, there is no evidence that the malware was used against Ukraine, which has been the group’s exclusive focus.

Back in September 2024, ESET also disclosed that Gamaredon had unsuccessfully attempted to infiltrate targets in several NATO countries, namely Bulgaria, Latvia, Lithuania and Poland in April 2022 and February 2023.


Lookout theorized that the attack on Uzbekistan, Kazakhstan, Tajikistan and Kyrgyzstan “could be related to the deterioration of relations between these countries and Russia after the invasion of Ukraine.”

The attribution of the new malware to Gamaredon stems from the reliance on dynamic DNS providers and from overlaps in IP addresses that point to command-and-control (C2) domains used in both mobile and desktop campaigns.

BoneSpy and PlainGnome differ in one important respect: the former, derived from the open-source DroidWatcher spyware, is a standalone application, while the latter acts as a dropper for a surveillance payload embedded within it. PlainGnome is also custom-made malware, but it requires the victim to grant it permission to install other apps through REQUEST_INSTALL_PACKAGES.


Both surveillance tools implement a wide range of features to track location, gather information about the infected device, and collect SMS messages, call logs, contact lists, browser history, audio recordings, ambient audio, notifications, photos, screenshots, and cellular service provider details. They also attempt to gain root access.
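For defenders reviewing sideloaded apps, the two traits described above (a first stage that asks for REQUEST_INSTALL_PACKAGES, and broad access to SMS, call logs, audio, camera, location and contacts) can be checked from a decoded AndroidManifest.xml. The following is an added triage sketch, not code from Lookout or the original article; the permission-to-data mapping, the threshold and the sample manifests are constructed assumptions, and a flag means "review this app", not "this is BoneSpy or PlainGnome".

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"
INSTALLER = "android.permission.REQUEST_INSTALL_PACKAGES"
# Assumed mapping: permissions guarding the data types the article lists.
SENSITIVE = {
    "android.permission.READ_SMS": "SMS messages",
    "android.permission.READ_CALL_LOG": "call logs",
    "android.permission.RECORD_AUDIO": "audio",
    "android.permission.CAMERA": "camera",
    "android.permission.ACCESS_FINE_LOCATION": "location",
    "android.permission.READ_CONTACTS": "contacts",
}

def requested_permissions(manifest_xml):
    """Return the permission names declared in a decoded AndroidManifest.xml."""
    root = ET.fromstring(manifest_xml.strip())
    names = set()
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        for el in root.iter(tag):
            name = el.get(ANDROID + "name")
            if name:
                names.add(name.strip())
    return names

def triage(manifest_xml, threshold=3):
    """Flag installer capability and broad sensitive-data access for review."""
    perms = requested_permissions(manifest_xml)
    collects = sorted(SENSITIVE[p] for p in perms & set(SENSITIVE))
    return {
        "installs_packages": INSTALLER in perms,  # dropper-style capability
        "collects": collects,
        "broad_collection": len(collects) >= threshold,
    }

def manifest(package, perms):
    """Build a constructed sample manifest (not taken from any real app)."""
    uses = "".join(f'<uses-permission android:name="android.permission.{p}"/>' for p in perms)
    return (f'<manifest xmlns:android="http://schemas.android.com/apk/res/android" '
            f'package="{package}">{uses}<application/></manifest>')

# Constructed samples: a first-stage installer and a standalone collector.
STAGE_ONE = manifest("com.example.batterymonitor", ["INTERNET", "REQUEST_INSTALL_PACKAGES"])
STANDALONE = manifest("com.example.gallery", ["READ_SMS", "READ_CALL_LOG", "RECORD_AUDIO",
                                               "ACCESS_FINE_LOCATION", "READ_CONTACTS"])

if __name__ == "__main__":
    for label, xml in (("stage-one", STAGE_ONE), ("standalone", STANDALONE)):
        print(label, triage(xml))
```

A first stage can look nearly permission-free on its own, so the installer flag is worth reviewing even when `collects` is empty.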

The exact mechanism by which the malicious apps are distributed remains unclear, but it is suspected to involve targeted social engineering, with the apps posing as battery monitoring apps, photo gallery apps, a fake Samsung Knox app, and fully functional but trojanized Telegram apps.

“While PlainGnome, which first appeared this year, has a lot of overlap in functionality with BoneSpy, it doesn’t appear to have been developed on the same code base,” Lookout said.
