Recent findings from Lookout reveal malware that targets Android devices and is designed to record phone calls and access personal photos. This malware is hidden in counterfeit versions of popular apps like Telegram and Samsung Knox. The two strains identified are BoneSpy, operational since 2021, and PlainGnome, discovered earlier this year, both linked to the Gamaredon group associated with Russia's FSB, primarily targeting Russian-speaking users.
BoneSpy can collect text messages, record audio and calls, capture location data, take pictures, access browser history, and read notifications. PlainGnome includes all these features but operates more stealthily, recording audio and calls only when the device is idle, making detection less likely. Neither strain has been found on Google Play, suggesting victims install the malware through social engineering attacks.
Signs of infection include being signed out of Google accounts, persistent pop-up ads, alerts about viruses, malfunctioning antivirus software, decreased device speed, unexpected storage loss, and unauthorized changes to browser settings. Users may also notice their contacts receiving messages they did not send.