Full Report
2024-12-11 • Lookout • Kyle Schmittle, Paul Shunk • apk.droidwatcher
Analysis Summary
# Threat Actor: Gamaredon APT (Inferred, based on the article title focus)
## Attribution & Identity
The article specifically discusses two new Russian Android spyware families discovered by Lookout, which are attributed to the **Gamaredon APT**.
## Activity Summary
Lookout discovered two previously unknown Android spyware families linked to the threat actor known as Gamaredon (also associated with the activity tracked as P Russian by some organizations). The provided context snippet gives no details of specific campaigns or historical activity; it reports only the discovery of new malware families associated with the group.
## Tactics, Techniques & Procedures
* Specific TTPs are not detailed in the provided snippet, but the core TTP involves the development and deployment of **Android Spyware**.
* No specific MITRE ATT&CK IDs are mentioned in the provided text.
## Targeting
* **Sectors:** Not specified in the context.
* **Geography:** The attribution implies a Russian origin for the operators; the geography targeted by the new spyware is not stated in this snippet.
* **Victims:** Not specified in the context.
## Tools & Infrastructure
* **Malware families used:** Two new Russian Android spyware families (names not provided in the snippet).
* **Infrastructure:** No specific C2 domains, IPs, or URLs are mentioned in the provided context.
## Implications
The discovery implies that Gamaredon APT maintains active and evolving mobile espionage capabilities, specifically focusing on the Android ecosystem, indicating sustained Russian state-sponsored interest in mobile surveillance.
## Mitigations
* Mobile threat monitoring focused on detecting new non-public Android malware families.
* Vigilance regarding applications originating from untrusted sources, especially those associated with state-sponsored actors.