What is BoneSpy?
BoneSpy is a sophisticated Android spyware program that has been active since at least 2021. Rooted in the Russian open-source surveillance software DroidWatcher, BoneSpy has been linked to the Russian cyber threat group Gamaredon, also known as Primitive Bear or Shuckworm. This group, associated with the Federal Security Service (FSB) of the Russian Federation, has used BoneSpy to target Russian-speaking individuals in former USSR states such as Kazakhstan, Kyrgyzstan, Tajikistan, and Uzbekistan.
Remove annoying malware threats like this one in seconds!
Scan Your Computer for Free with SpyHunter
Download SpyHunter now, and scan your computer for this and other cybersecurity threats for free!
BoneSpy’s Detection Names
BoneSpy has been identified under various detection names by antivirus tools, including:
- Avast-Mobile: APK:RepMalware [Trj]
- DrWeb: Android.Backdoor.850.origin
- ESET-NOD32: A Variant of Android/Spy.Agent.CAF
- Kaspersky: HEUR:Trojan.AndroidOS.Boogr.gsh
For a complete list of detection names, you can reference online threat databases like VirusTotal.
BoneSpy Malware Overview
BoneSpy is categorized as spyware, capable of gathering extensive personal data from infected Android devices. Its functionalities vary across versions, but even the most basic variants are highly invasive. Here’s what you need to know about BoneSpy’s operation and capabilities:
Data Collection
Once installed, BoneSpy deploys anti-analysis techniques to avoid detection in virtualized environments. If the malware determines that the device is genuine, it begins gathering sensitive information, such as:
- Device-specific data (e.g., IMEI, SIM card details, mobile carrier information)
- File system data
- Installed applications
Root Access and Geolocation Tracking
BoneSpy attempts to gain root access to further its surveillance. It tracks geolocation through GPS and continuously monitors the victim’s movements.
Call and SMS Management
BoneSpy collects call and SMS data, including:
- Call logs (e.g., type, dates, durations, phone numbers, and contact names)
- Incoming/outgoing SMS messages (e.g., recipients, message content, timestamps)
The spyware can also initiate and record calls, send SMS messages, and block incoming texts.
Audio and Visual Surveillance
BoneSpy records audio, regardless of whether a call is ongoing, and captures screenshots or photos using the device’s camera.
Data Exfiltration
BoneSpy can access:
- Files and clipboard contents
- Notifications
- Browsing histories
- Calendar events
- Authentication tokens for apps like Facebook, Telegram, WhatsApp, and others
Remote Commands
One unique trait of BoneSpy is its ability to receive commands via SMS, enabling attackers to control the infected device remotely.
Threat Impact
BoneSpy’s presence on a device can lead to severe consequences:
- Privacy Violation: Loss of sensitive personal data
- Financial Damage: Theft of banking credentials and monetary losses
- Identity Theft: Abused credentials for social media or email accounts
- Device Performance: Slower performance, increased battery drain, and higher data usage
How BoneSpy Infects Devices
BoneSpy employs various distribution methods, including:
- Infected email attachments
- Malicious advertisements
- Social engineering tactics
- Deceptive applications
- Scam websites
Users need to be particularly cautious when downloading apps or opening unsolicited emails and links.
Symptoms of BoneSpy Infection
If your device is infected with BoneSpy, you may notice the following symptoms:
- Slow system performance
- Unauthorized changes to system settings
- Unfamiliar apps appearing on the device
- Increased battery and data consumption
How to Remove BoneSpy Malware
Remove annoying malware threats like this one in seconds!
Scan Your Computer for Free with SpyHunter
Download SpyHunter now, and scan your computer for this and other cybersecurity threats for free!
Removing BoneSpy requires a systematic approach to ensure the malware is completely eradicated. Follow these steps:
Step 1: Boot into Safe Mode
- Power off your device.
- Press and hold the power button until the manufacturer’s logo appears.
- Release the power button and immediately press the volume down button.
- Hold the volume down button until the device boots into Safe Mode.
Step 2: Identify and Uninstall Suspicious Apps
- Navigate to Settings > Apps or Application Manager.
- Look for unfamiliar or suspicious applications.
- Select the app and tap Uninstall. If the app cannot be uninstalled, proceed to Step 3.
Step 3: Revoke Administrative Permissions
- Go to Settings > Security > Device Administrators.
- Deselect any suspicious apps from the list.
- Retry uninstalling the app.
Step 4: Use an Anti-Malware Tool
Install a trusted anti-malware application like SpyHunter to perform a full system scan. Remove any threats detected during the scan.
Step 5: Perform a Factory Reset (if Necessary)
If the malware persists, perform a factory reset:
- Back up your important data.
- Go to Settings > System > Reset Options > Erase All Data (Factory Reset).
Preventing Future Infections
Prevention is the best defense against spyware like BoneSpy. Follow these tips to safeguard your device:
Avoid Downloading Apps from Unofficial Sources
Always download applications from the Google Play Store or other trusted platforms.
Be Cautious with Permissions
Review app permissions carefully. Avoid granting unnecessary access to sensitive features like contacts or location.
Update Your Device Regularly
Keep your device’s operating system and apps up to date to ensure vulnerabilities are patched.
Use Reliable Security Software
Install a trusted anti-malware solution like SpyHunter to provide real-time protection against threats.
Avoid Clicking Suspicious Links
Refrain from opening links or downloading attachments from unknown senders.
Use Two-Factor Authentication (2FA)
Enable 2FA on your accounts to add an extra layer of security.
Conclusion
BoneSpy is a highly invasive Android spyware program capable of extensive data theft and surveillance. With links to Russian state-sponsored cyber activities, it poses a significant threat to user privacy and security. Removing BoneSpy requires swift action and careful steps to ensure complete eradication. Moreover, adhering to preventive measures can help protect against future infections.
