Amnesty International has exposed Serbian police’s use of Cellebrite’s forensic tools to extract data from journalists’ and activists’ phones, followed by the installation of a new Android spyware called NoviSpy. The spyware is suspected to be linked to the Serbian intelligence services, highlighting the misuse of surveillance technology against civil society and journalists. This sophisticated attack vector showcases a dangerous trend of using Cellebrite’s device-unlocking technology to plant malware.
The development and deployment of two new Android spyware families, BoneSpy and PlainGnome, has been attributed to the Russian-aligned Gamaredon APT group. BoneSpy has been active since 2021, while PlainGnome appeared in 2024. These surveillance tools are used to target former Soviet states, with a focus on Russian-speaking victims. These sophisticated malware families collect sensitive data, including SMS messages, call logs, device location, and contact lists. PlainGnome acts as a dropper for the surveillance payload, while BoneSpy is deployed as a standalone application.
A new mobile surveillance tool named ‘EagleMsgSpy’, used by Chinese law enforcement to gather data from Android devices, has been discovered. This tool, operational since 2017, collects a range of sensitive data, including chat messages, screen recordings, audio, call logs, contacts, SMS, location, and network activity. The collected data is sent to a command-and-control server, raising concerns about privacy and potential misuse.
The FSB, Russia’s Federal Security Service, allegedly used a trojanized application to monitor a Russian programmer accused of supporting Ukraine. This highlights the use of sophisticated surveillance techniques by state actors against individuals perceived as threats. The incident underscores the importance of digital security and privacy, especially in high-risk environments. The spyware was hidden in an app that the programmer downloaded.