SYMBOLCOMMON_NAMEaka. SYNONYMS
apk.bone_spy (Back to overview)

BoneSpy

Actor(s): Gamaredon Group

According to Lookout, BoneSpy is based on the Russian-developed, open-source DroidWatcher surveillanceware, featuring nearly identical code, names, and log messages in multiple classes related to the handling of databases containing collected exfil data such as call logs, location tracking, SMS messages, notifications, and browser bookmarks. Class names for many entry points (receivers, activities, and services) were either the same or very similar to DroidWatcher samples.

References
2024-12-11LookoutKyle Schmittle, Paul Shunk
Lookout Discovers Two Russian Android Spyware Families from Gamaredon APT
BoneSpy DroidWatcher PlainGnome

There is no Yara-Signature yet.