PlainGnome and BoneSpy Russian Android spyware discovered | Threat Intel
Essential information
- Published: 13/12/2024 13:13
- Modified: 13/12/2024 13:30
- Tags: 2024-12-13 android bonespy fsb plaingnome primitive bear russia shuckworm spyware surveillance
- Related entities: 31 observables, 1 intrusion sets (apt), 5 techniques (mitre), 2 malware, 4 others
Description
Two Android surveillance families, BoneSpy and PlainGnome, have been discovered and attributed to the Russian APT group Gamaredon, which is associated with the FSB. BoneSpy, active since 2021, is based on the open-source DroidWatcher, while PlainGnome emerged in 2024. Both target Russian-speaking victims in former Soviet states and collect data such as SMS messages, call logs, audio, photos, location, and contacts. The malware is likely distributed through targeted social engineering. Infrastructure analysis reveals connections to known Gamaredon domains and Russian ISPs. These are Gamaredon's first known mobile surveillance tools, expanding the group's capabilities beyond desktop campaigns.