Experts from Lookout, a cybersecurity company, have detected two extremely dangerous spyware programs. Their creator is the Gamaredon hacker group, closely linked to the Russian FSB. Both tools can take full control of the victim's phone, and the obtained data goes straight to Russia.
Insidious programs impersonate popular applications
The first tool detected is BoneSpy. How do you recognize it? Most often it arrives on phones as a fake version of the Telegram application or as a program impersonating Samsung Knox. After installation, BoneSpy obtains very broad permissions and is able to:
- read text messages
- record telephone conversations
- track location via GPS
- take photos with your camera
- take screenshots
- collect website browsing history
- steal contacts
- read notifications
- capture other data stored on your phone
The second application, PlainGnome, is even more advanced. It uses modern solutions such as Jetpack WorkManager, which allows it to run in the background and collect data even when the phone appears to be idle.
Where do these programs come from?
The good news is that neither of these programs has been available in the official Google Play Store. However, the hackers have found other ways to deceive users. The malware is most often distributed in the form of:
- Fakes of popular applications (e.g. fake Telegram or Samsung Knox),
- Links in ads on Facebook, Instagram or other social media,
- Substituted Google search results,
- Applications downloaded from unknown sites.
What applications may be a threat?
If you downloaded apps from outside Google Play or used “alternative” sources, pay special attention to:
- Telegram – make sure you have the original app from Google Play and not a fake version.
- Samsung Knox – Samsung's Knox security system is only available on genuine Samsung devices. Fake apps impersonating Knox are dangerous.
- Applications pretending to be photo galleries, battery optimizers or tools that monitor phone performance – these are popular covers for malware.
- “Premium” tools downloaded from links in advertisements – if someone offers free versions of paid programs, there is probably a threat behind it.
How to defend yourself?
The rule is simple: only install apps from official sources such as Google Play. The Google Play Store carefully checks each program before allowing it to be downloaded. Installing an application from outside the official store, e.g. from an unknown link or advertisement, may expose your phone to attack.
5 steps to protect yourself from the threat
- Remove suspicious applications – if you have anything installed on your phone that did not come from Google Play, or a suspicious version of Telegram or Samsung Knox, uninstall it immediately.
- Check app permissions – see which programs have access to the camera, microphone or GPS. Suspicious permissions are a red flag.
- Use an antivirus program – scan the phone with good software, e.g. Bitdefender, Kaspersky or Norton.
- Don't click on suspicious links – avoid ads promising free premium programs or “improved” versions of popular applications.
- Update the system – regular Android system updates improve security and help fight new threats.
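The first two steps above (find apps that did not come from the store, then look at which of them hold camera, microphone, GPS, SMS or contact permissions) can be checked in one pass from a computer with USB debugging enabled. The script below is an added example written for this article; it is not code from Lookout or from the article's author. It parses the text produced by `adb shell pm list packages -3 -i` and `adb shell dumpsys package <pkg>`, flags third-party apps whose installer is not a trusted store and which hold at least one of the sensitive runtime permissions matching the capabilities listed above. The sample output embedded in the script is constructed, the set of trusted installer IDs is an assumption to adjust for your devices, and the exact `dumpsys` layout varies by Android version, so verify the parsing on a real device. Notification access and screen capture are granted through separate mechanisms rather than runtime permissions, so they are not covered here.

```python
"""Triage sideloaded Android apps by installer and granted sensitive permissions.

Added example, not code from Lookout or the article. Parses the output format of
`adb shell pm list packages -3 -i` and `adb shell dumpsys package <pkg>`.
The sample output below is constructed; the dumpsys layout differs between
Android versions, so treat the line patterns as an assumption to verify.
"""
import re
import shutil
import subprocess

# Installer package IDs treated as trusted stores (assumption: adjust for your fleet).
TRUSTED_INSTALLERS = {"com.android.vending", "com.sec.android.app.samsungapps"}

# Runtime permissions corresponding to the spyware capabilities named in the article.
SENSITIVE_PERMISSIONS = {
    "android.permission.READ_SMS": "read text messages",
    "android.permission.RECORD_AUDIO": "record calls / microphone",
    "android.permission.ACCESS_FINE_LOCATION": "track GPS location",
    "android.permission.CAMERA": "take photos",
    "android.permission.READ_CONTACTS": "steal contacts",
    "android.permission.READ_CALL_LOG": "read call history",
}

# e.g. "package:com.example.app  installer=com.android.vending" (installer=null when sideloaded)
_PKG_LINE = re.compile(r"^package:(\S+)\s+installer=(\S+)")
# e.g. "      android.permission.CAMERA: granted=true, flags=[ USER_SET]"
_PERM_LINE = re.compile(r"^\s*([\w.]+):\s*granted=(true|false)")


def parse_package_list(text):
    """Map package name -> installer ID ('null' when installed via adb or a file)."""
    result = {}
    for line in text.splitlines():
        m = _PKG_LINE.match(line.strip())
        if m:
            result[m.group(1)] = m.group(2)
    return result


def parse_granted_permissions(dumpsys_text):
    """Return the set of runtime permissions that dumpsys shows as granted=true."""
    granted = set()
    for line in dumpsys_text.splitlines():
        m = _PERM_LINE.match(line)
        if m and m.group(2) == "true":
            granted.add(m.group(1))
    return granted


def triage(packages, dumpsys_by_pkg):
    """Return {pkg: [capability, ...]} for apps not from a trusted store that
    hold at least one sensitive runtime permission."""
    findings = {}
    for pkg, installer in packages.items():
        if installer in TRUSTED_INSTALLERS:
            continue
        granted = parse_granted_permissions(dumpsys_by_pkg.get(pkg, ""))
        caps = sorted(SENSITIVE_PERMISSIONS[p] for p in granted & SENSITIVE_PERMISSIONS.keys())
        if caps:
            findings[pkg] = caps
    return findings


# Constructed sample data: a genuine Telegram from the store, a sideloaded
# "telegram.pro" look-alike with spyware-grade permissions, and a harmless
# sideloaded battery app with only notification permission.
SAMPLE_PACKAGES = """\
package:org.telegram.messenger  installer=com.android.vending
package:com.example.telegram.pro  installer=null
package:com.example.battery.boost  installer=com.example.sideload
"""

SAMPLE_DUMPSYS = {
    "com.example.telegram.pro": """\
  runtime permissions:
      android.permission.READ_SMS: granted=true, flags=[ USER_SET]
      android.permission.RECORD_AUDIO: granted=true, flags=[ USER_SET]
      android.permission.ACCESS_FINE_LOCATION: granted=true, flags=[ USER_SET]
      android.permission.CAMERA: granted=false, flags=[ USER_SET]
""",
    "com.example.battery.boost": """\
  runtime permissions:
      android.permission.POST_NOTIFICATIONS: granted=true, flags=[ USER_SET]
""",
}


def run_sample():
    """Triage the constructed sample (runs offline, no device needed)."""
    return triage(parse_package_list(SAMPLE_PACKAGES), SAMPLE_DUMPSYS)


def collect_from_device():
    """Pull the same two outputs from a connected device over adb (adb must be on PATH)."""
    listing = subprocess.run(["adb", "shell", "pm", "list", "packages", "-3", "-i"],
                             capture_output=True, text=True, check=True).stdout
    pkgs = parse_package_list(listing)
    dumps = {p: subprocess.run(["adb", "shell", "dumpsys", "package", p],
                               capture_output=True, text=True).stdout for p in pkgs}
    return triage(pkgs, dumps)


if __name__ == "__main__":
    findings = collect_from_device() if shutil.which("adb") else run_sample()
    for pkg, caps in findings.items():
        print(f"{pkg}: not from a trusted store and able to: {', '.join(caps)}")
```

Run with a phone attached to get a short list of packages worth uninstalling or reviewing; without adb it prints the result for the constructed sample. Only the look-alike Telegram is flagged: the sideloaded battery app holds no sensitive permission, and the store-installed Telegram is skipped regardless of its permissions, since the point of the check is the combination of an untrusted origin with spyware-grade access.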