Android users warned of chilling Russian spy attack that records phone calls & takes photos without people realising
Share:
MALWARE circulated by Russian cyber spies has been discovered targeting Android devices to record phone calls and access people's photos. The malicious software is hidden inside fake versions of the Telegram app and Samsung Knox, a mobile security platform, according to cybersecurity experts at Lookout.
Two strains of malware are responsible for the attacks: BoneSpy, which has been active since 2021, and PlainGnome, which was discovered earlier this year. Cyber spies known as Gamaredon, believed to be part of Russia's Federal Security Agency (FSB), are understood to be peddling the attacks to Russian-speaking Android users.
BoneSpy and PlainGnome are the first documented cases of Gamaredon malware targeting mobile devices, experts noted. Lookout found BoneSpy to be capable of collecting text messages, recording audio and phone calls, capturing location data, taking pictures and screenshots, accessing a users browser history, and reading notifications.
Whereas its successor, PlainGnome, has all those capabilities and more. PlainGnome has been added with sophisticated features that make it much harder to detect on Android devices. For example, it records audio and phone calls only when the screen is off or idle, to avoid being spotted by victims.
Neither malware has been detected on Google Play. Experts, therefore, believe that the malware is accidentally installed onto Android devices by the victims themselves after a social engineering attack. Social engineering attacks are the most common type of phishing scam.
