PlainGnome

Description

(Lookout) PlainGnome consists of a two-stage deployment in which a very minimal first-stage app drops a malicious second-stage APK once it is installed. Although both stages use some variation on the Telegram package name, the functionality actually presented to the user is essentially the same as that observed in earlier BoneSpy samples using the “image gallery” theme. This lure theme continued through most of PlainGnome’s deployment throughout 2024.

Names

Name
PlainGnome

Category

Malware

Type

  • Reconnaissance
  • Backdoor
  • Info stealer

Information

Other Information

Uuid

2f6eb326-1cd4-4e06-9521-b49bd22fe1ec

Last Card Change

2024-12-27