Lookout researchers have discovered two new spyware families designed to infiltrate Android smartphones. Both malware families were developed and deployed by Gamaredon, a gang of cybercriminals affiliated with Russia’s Federal Security Service (FSB). This service regularly employs hackers to carry out espionage operations.
Active since at least 2013, Gamaredon specializes in phishing campaigns and malware-based offensives. However, this is the very first time in its history that the gang has attacked its targets through smartphones.
BoneSpy, the ultra-complete spy virus
The first virus, called BoneSpy, appeared in 2021. To enter its targets’ phones, the virus hides in fake Telegram applications, one of the most popular tactics of hackers. It also hid in a fake version of Samsung Knox, an official Samsung security suite.
Once installed, the malware collects all text messages, records ambient audio and phone conversations, harvests GPS data, takes photos with the camera, takes screenshots, accesses the browsing history and extracts the contents of the clipboard. In the process, the virus reads your notifications and grabs your contact list.
In short, the virus seizes a multitude of personal information about its victims. According to Lookout, BoneSpy is based on the code of DroidWatcher, an open source monitoring application.
PlainGnome, the stealthy malware
PlainGnome, for its part, has its own exclusive source code. It is not based on an already available tool and is still under development, so the malware's code is expected to evolve. Like BoneSpy, it can siphon all data stored on or passing through your smartphone.
PlainGnome, however, only siphons data when the device is not in use. It can “automatically stop recording when the device screen is activated”. This precaution allows the virus to remain undetected by the user.
It is also distinguished by a two-step installation process. This tactic relies on “dropper” malware. Such programs are only intended to install other malware on victims’ smartphones while bypassing security measures. Only once the “dropper” has landed on the phone does it install the real malware.
The Play Store is safe
At the moment, both viruses target individuals who live in former Soviet states, such as Uzbekistan, Kazakhstan, Tajikistan and Kyrgyzstan. It is likely that both viruses also target Ukraine, given Gamaredon’s history of misdeeds.
The good news is that the Russian hackers' new weapons failed to enter the Google Play Store. BoneSpy mainly caused damage between January and October 2022. On the PlainGnome side, attacks have multiplied since its appearance this year, as the code improves and gains new features.
Source: Lookout