APP ATTACK

Android users warned of chilling Russian spy attack that records phone calls & takes photos without people realising

Experts believe the malware is accidentally installed onto Android devices by the victims themselves

MALWARE circulated by Russian cyber spies has been discovered targeting Android devices to record phone calls and access people's photos.

The malicious software is hidden inside fake versions of the Telegram app and Samsung Knox, a mobile security platform, according to cybersecurity experts at Lookout.

Advertisement

Two strains of malware are responsible for the attacks: BoneSpy, which has been active since 2021, and PlainGnome, which was discovered earlier this year.

Cyber spies known as Gamaredon, believed to be part of Russia's Federal Security Agency (FSB), are understood to be peddling the attacks to Russian-speaking Android users.

BoneSpy and PlainGnome are the first documented cases of Gamaredon malware targeting mobile devices, experts noted.

Lookout found BoneSpy to be capable of collecting text messages, recording audio and phone calls, capturing location data, taking pictures and screenshots, accessing a users browser history, and reading notifications.

Advertisement

Whereas its successor, PlainGnome, has all those capabilities and more.

PlainGnome has been added with sophisticated features that make it much harder to detect on Android devices.

For example, it records audio and phone calls only when the screen is off or idle, to avoid being spotted by victims.

Neither malware has been detected on Google Play.

Advertisement

Most read in Phones & Gadgets

CASE CLOSED
iPhone owner told ‘turn it off immediately’ after Apple fans spot ‘fire risk’
GOLDEN APPLE
Apple set to launch 'Ring rival' that can magically UNLOCK doors with NO key
YEAR WE GO!
WhatsApp's long list of secret tricks 'you missed in 2024' revealed
TUNE IN
TV channels returning for Christmas 2024 & exact numbers you need to find them

Experts, therefore, believe that the malware is accidentally installed onto Android devices by the victims themselves after a social engineering attack.

Horror Android mistake lets crooks clone your bank card in seconds for spending spree – and even silently withdraw cash

Social engineering attacks are the most common type of phishing scam.

They use psychological manipulation to convince victims into giving up personal information, or to click links and download software.

Once downloaded, the malware strains request dangerous permissions, such as access to text and cameras.

Advertisement

But given the malware is masquerading as messenger and security app, victims could be duped into approving the request.

SIGNS YOUR ANDROID PHONE IS INFECTED

Here's Google's official list of signs that you might have malware on your Android phone...

You may have malware on your device if:

  • Google signed you out of your Google Account to help protect you from malware on your device.
  • You notice suspicious signs on your device, like pop-up ads that won’t go away.

Device symptoms

  • Alerts about a virus or an infected device
  • Anti-virus software you use no longer works or runs
  • A significant decrease in your device’s operating speed
  • A significant, unexpected decrease in storage space on your device
  • Your device stops working properly or working altogether

Browser symptoms

  • Alerts about a virus or an infected device
  • Pop-up ads and new tabs that won't go away
  • Unwanted Chrome extensions or toolbars keep coming back
  • Your browsing seems out of your control, and redirects to unfamiliar pages or ads
  • Your Chrome homepage or search engine keeps changing without your permission

Other symptoms

  • Your contacts have received emails or social media messages from you, but you didn’t send the emails or messages.
Topics
Advertisement
machibet777.com