PlainGnome and Bonespy Russian Android spyware discovered | Threat Intel

NetmanageIT OpenCTI - opencti.netmanageit.com

SUMMARY:

Two Android surveillance families, BoneSpy and PlainGnome, have been discovered and attributed to the Russian Gamaredon APT group, associated with the FSB. BoneSpy, active since 2021, is based on open-source DroidWatcher, while PlainGnome emerged in 2024. Both target Russian-speaking victims in former Soviet states, collecting data such as SMS messages, call logs, audio, photos, location, and contacts. The malware is likely distributed through targeted social engineering. Infrastructure analysis reveals connections to known Gamaredon domains and Russian ISPs. This discovery marks Gamaredon's first known mobile surveillance tools, expanding their capabilities beyond desktop campaigns.

OPENCTI LABELS:

russia, spyware, android, surveillance, fsb, plaingnome, shuckworm, primitive bear, bonespy
