The Russia-linked APT Gamaredon used two new Android spyware tools called BoneSpy and PlainGnome against former Soviet states.
Lookout researchers linked the BoneSpy and PlainGnome Android surveillance families to the Russian APT group Gamaredon, making them the first known mobile malware families tied to the group.
BoneSpy and PlainGnome were used in attacks against Russian-speaking victims in former Soviet states, likely because of strained relations following the invasion of Ukraine.
Both BoneSpy and PlainGnome collect various data from infected devices and show similarities in infrastructure, techniques, and targeting, leading researchers to conclude that they are operated by Gamaredon.