Lookout Discovers Three New State-Backed Android Surveillance Tools
Lookout, a mobile security provider, has discovered three new surveillance tools targeting Android devices. Two, BoneSpy and PlainGnome, are linked to Russia's FSB, while the third, EagleMsgSpy, is suspected to be backed by the Chinese government.
BoneSpy and PlainGnome, developed by Gamaredon, an FSB-associated APT group, are active and target Russian-speaking individuals in former Soviet countries. Both tools have broad surveillance capabilities, including location tracking and data collection.
BoneSpy, in use since 2021, is derived from the Russian open-source DroidWatcher. PlainGnome, which appeared in 2024, shares similar theming and C2 server properties with BoneSpy.
EagleMsgSpy, used by Chinese government agencies since at least 2017, collects extensive data such as screenshots, call logs, and GPS coordinates. It targets multiple messaging apps and 'Five Poison' communities: Falun Gong practitioners, Uyghurs, Tibetans, Taiwanese people, and Hong Kong pro-democracy advocates. Lookout assesses with high confidence that Wuhan Chinasoft Token Information Technology Co., Ltd. developed EagleMsgSpy.
The discovery of these tools sheds light on ongoing state-backed surveillance efforts. While BoneSpy and PlainGnome target former Soviet countries, EagleMsgSpy focuses on specific communities within China. Mobile security providers like Lookout remain vigilant against such threats.