MALWARE circulated by Russian cyber spies has been discovered targeting Android devices to record phone calls and access people’s photos.
The malicious software is hidden inside fake versions of the Telegram app and Samsung Knox, a mobile security platform, according to cybersecurity experts at Lookout.
Two strains of malware are responsible for the attacks: BoneSpy, which has been active since 2021, and PlainGnome, which was discovered earlier this year.
Cyber spies known as Gamaredon, believed to be part of Russia’s Federal Security Agency (FSB), are understood to be aiming the attacks at Russian-speaking Android users.
BoneSpy and PlainGnome are the first documented cases of Gamaredon malware targeting mobile devices, experts noted.
Lookout found BoneSpy to be capable of collecting text messages, recording audio and phone calls, capturing location data, taking pictures and screenshots, accessing a user’s browser history, and reading notifications.
Its successor, PlainGnome, has all those capabilities and more.
PlainGnome has been given sophisticated features that make it much harder to detect on Android devices.
For example, it records audio and phone calls only when the screen is off or idle, to avoid being spotted by victims.
Neither malware has been detected on Google Play.
Experts, therefore, believe that the malware is accidentally installed onto Android devices by the victims themselves after a social engineering attack.
Social engineering attacks are the most common type of phishing scam.
They use psychological manipulation to trick victims into giving up personal information, or into clicking links and downloading software.
Once downloaded, the malware strains request dangerous permissions, such as access to text messages and cameras.
But given the malware is masquerading as a messenger and a security app, victims could be duped into approving the request.
SIGNS YOUR ANDROID PHONE IS INFECTED
Here’s Google’s official list of signs that you might have malware on your Android phone…
You may have malware on your device if:
- Google signed you out of your Google Account to help protect you from malware on your device.
- You notice suspicious signs on your device, like pop-up ads that won’t go away.
Device symptoms
- Alerts about a virus or an infected device
- Anti-virus software you use no longer works or runs
- A significant decrease in your device’s operating speed
- A significant, unexpected decrease in storage space on your device
- Your device stops working properly or stops working altogether
Browser symptoms
- Alerts about a virus or an infected device
- Pop-up ads and new tabs that won’t go away
- Unwanted Chrome extensions or toolbars keep coming back
- Your browsing seems out of your control, and redirects to unfamiliar pages or ads
- Your Chrome homepage or search engine keeps changing without your permission
Other symptoms
- Your contacts have received emails or social media messages from you, but you didn’t send the emails or messages.