Remove PlainGnome Android trojan

PlainGnome Android malware is a stealer trojan that targets Android devices. The trojan is believed to be operated by Gamaredon, a threat actor affiliated with the Federal Security Service of the Russian Federation (FSB). The malware appears to target Russian-speaking users in former USSR states, such as Uzbekistan, Kazakhstan, and Kyrgyzstan. It is designed to steal information such as call logs, contacts, device data, notifications, SMS, and browsing histories.

The PlainGnome trojan is specifically a threat to Android users. It appears to target Russian-speaking users in former USSR states. The trojan is believed to be operated by Gamaredon, also known as Primitive Bear or Shuckworm. These malicious actors are associated with Russia’s FSB and target countries with which Russia has increasingly tense relations.

Successful infection hinges on users giving certain permissions and pressing a button. When users download the malicious app, they will first be asked to give permission to “REQUEST_INSTALL_PACKAGES”. If permission is granted, users will see a window with a button that says “catalog” in Russian. If users click on the button, the malware fully initiates.

PlainGnome Android trojan is a stealer trojan, so its main target is information on the device. It can collect SMS, contacts, GPS location, environment sounds, and call audio. It’s also capable of taking pictures. The malware will record all environmental sounds, though it may stop when the device is activated. Android displays a microphone icon in the status bar whenever the microphone is active, so stopping the recording keeps users from noticing the malware.

It will also collect device information, mobile service provider details, contacts, call logs (phone numbers, contact names, incoming/outgoing calls, date/time, and duration), notifications, received/sent SMS (date/time, recipients, SMS contents), and browsing histories.

Infections like this are very serious not only because they can steal a lot of information but also because they are stealthy. In order to collect as much information as possible, the infections will try to stay hidden for as long as they can to avoid removal. The PlainGnome Android trojan in particular has the capability to record surrounding audio, which means it can be used to spy on users. If users don’t notice the infection, the spying could go on for months. And considering the operators of this malware are Russian state actors, they will likely target high-profile individuals.

How does PlainGnome Android trojan infect devices?

PlainGnome Android trojan appears to spread primarily via a fake “image gallery” themed app. However, it’s important to note that such infections can be disguised as other legitimate apps and found on third-party app stores and questionable download sites. These unofficial app stores are often filled with malicious apps because they lack the necessary security measures. A malicious app on a third-party store can infect countless users before it’s detected and removed. Therefore, it’s advisable to steer clear of unfamiliar app stores and stick to the Google Play Store. While some malicious apps occasionally slip through Google’s security, the likelihood of encountering malware on the Play Store is quite low in comparison. Still, even when using the Play Store, it’s important to thoroughly review apps before downloading. Check the developer’s credibility, read user reviews, and carefully check the permissions requested by the app.
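The traits described above (the REQUEST_INSTALL_PACKAGES prompt, the data types the trojan collects, and installation from outside the Play Store) can be turned into a simple permission audit. The following is an added example, not code from the original article or from any vendor. It assumes a simplified, constructed form of `adb shell dumpsys package` output with hypothetical package names, and the mapping from data types to Android permissions is an assumption.

```python
import re

# Assumed mapping: standard Android permissions gating the data types the
# article lists. The article itself names only REQUEST_INSTALL_PACKAGES.
INSTALL_PERM = "REQUEST_INSTALL_PACKAGES"
SENSITIVE = {"READ_SMS": "SMS", "READ_CONTACTS": "contacts",
             "READ_CALL_LOG": "call logs", "ACCESS_FINE_LOCATION": "location",
             "RECORD_AUDIO": "microphone", "CAMERA": "camera"}
TRUSTED_INSTALLERS = {"com.android.vending"}  # Google Play Store
# Constructed sample, simplified from `adb shell dumpsys package` output.
SAMPLE_DUMP = """\
Package [com.example.gallery] (1a2b3c):
  installerPackageName=null
  requested permissions:
    android.permission.REQUEST_INSTALL_PACKAGES
    android.permission.READ_SMS
    android.permission.RECORD_AUDIO
Package [com.example.notes] (4d5e6f):
  installerPackageName=null
  requested permissions:
    android.permission.INTERNET
Package [com.example.maps] (7a8b9c):
  installerPackageName=com.android.vending
  requested permissions:
    android.permission.ACCESS_FINE_LOCATION
    android.permission.RECORD_AUDIO
"""

def parse_packages(dump):
    """Return {package: {"installer": str, "perms": set}} from dumpsys text."""
    packages = {}
    for block in re.split(r"^\s*Package \[", dump, flags=re.M)[1:]:
        installer = re.search(r"installerPackageName=(\S+)", block)
        packages[block.split("]", 1)[0]] = {
            "installer": installer.group(1) if installer else "null",
            "perms": set(re.findall(r"android\.permission\.(\w+)", block))}
    return packages

def audit(dump, threshold=2):
    """Flag sideloaded apps that can install packages or hold several sensitive permissions."""
    findings = {}
    for name, info in parse_packages(dump).items():
        hits = sorted(SENSITIVE[p] for p in info["perms"] if p in SENSITIVE)
        reasons = ["can install other apps"] if INSTALL_PERM in info["perms"] else []
        if len(hits) >= threshold:
            reasons.append("access to " + ", ".join(hits))
        if reasons and info["installer"] not in TRUSTED_INSTALLERS:
            findings[name] = reasons
    return findings
```

Calling `audit(SAMPLE_DUMP)` flags only the sideloaded gallery app. A flagged package is a candidate for review, not proof of infection.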

When malicious actors specifically target individuals with malware, they often employ phishing and social engineering tactics. These attacks tend to be highly sophisticated and can be challenging to identify. For example, if malware is distributed through an email campaign, the contents would include a lot of personal information to give it credibility. However, sophisticated campaigns are typically reserved for high-profile targets, as they require more effort. Nevertheless, all users should exercise caution with any unsolicited emails or emails that contain links or attachments. Users should never click on unknown links or open unsolicited attachments. Additionally, users should remember that legitimate organizations and entities, such as law enforcement agencies, banks, and tax organizations, do not send emails containing links.

Moreover, downloading cracks and pirated content can also lead to infections with trojans like PlainGnome Android trojan. Various malware infections can be found on pirating websites, including those for free streaming and torrents. Users should be aware that engaging in piracy is not only content theft but can also pose serious risks to their computers and data.

Remove PlainGnome Android trojan

PlainGnome Android trojan is a serious malware infection and should be removed using an anti-malware app. Without an anti-malware app, it may be difficult to even notice the infection because PlainGnome Android trojan is a stealthy malicious app. Once you remove PlainGnome Android trojan from a device, it’s necessary to change all passwords for important accounts because the trojan could’ve stolen them.
