A recent investigation accuses Russia's Federal Security Service (FSB) of surveilling a Russian programmer, Kirill Parubets, by installing spyware on his mobile device. The findings were reported by First Department in collaboration with the University of Toronto's Citizen Lab.
Detention and Surveillance: Kirill Parubets was held in administrative detention by Russian authorities for allegedly supporting Ukraine through financial donations. During his confinement in May 2024, his Oukitel WP7 smartphone, running Android 10, was confiscated.
Spyware Installation: After his release, and following an attempt by the FSB to coerce him into becoming an informant, Parubets noticed his returned smartphone behaving strangely. This led to the discovery of a trojanized version of the Cube Call Recorder app on the device. The malicious app carried a modified package name, "com.cortex.arm.vx3", and requested a set of permissions far beyond what a call recorder needs, including location tracking and access to encrypted messages, a pattern consistent with espionage rather than call recording.
Malicious Capabilities: The spyware's functionality included keystroke logging, call recording, and interception of messages from chat applications. Most of these features were not present in the installed app itself but in an encrypted second stage that is decrypted and activated after installation, which is why they are not apparent from the installed package alone.
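As an added example (not code from the report, First Department or Citizen Lab), the following Python script shows the kind of triage a practitioner could run on a returned device: it parses package metadata in the layout of `adb shell dumpsys package`, counts how many espionage-relevant permissions each package requests, and ranks packages first installed inside the custody window at the top. The sample records are constructed; only the package name com.cortex.arm.vx3 comes from the report, while the permission lists, timestamps, custody dates and the comparison package com.example.callrecorder are assumptions.

```python
"""Triage Android package metadata for spyware-like permission sets.

Added example, not code from the Citizen Lab / First Department report. Input
is text in the shape of `adb shell dumpsys package` output (real tooling); the
sample below is constructed. Only com.cortex.arm.vx3 comes from the report.
"""
import re
from datetime import datetime

# Real Android permission strings that together give an app the capabilities
# the report describes (location, call recording, message access, persistence).
HIGH_RISK = {
    "android.permission.ACCESS_FINE_LOCATION": "location tracking",
    "android.permission.RECORD_AUDIO": "audio/call recording",
    "android.permission.READ_SMS": "SMS interception",
    "android.permission.READ_CALL_LOG": "call log access",
    "android.permission.READ_CONTACTS": "contact harvesting",
    "android.permission.RECEIVE_BOOT_COMPLETED": "auto-start persistence",
}

# Period in which the owner had no physical control of the device. The report
# places the seizure in May 2024; the exact bounds here are an assumption.
CUSTODY_WINDOW = (datetime(2024, 5, 1), datetime(2024, 5, 31, 23, 59, 59))

PKG_RE = re.compile(r"^\s*Package \[([\w.]+)\]")
INSTALL_RE = re.compile(r"firstInstallTime=(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})")
PERM_RE = re.compile(r"^\s*(android\.permission\.[A-Z_]+)\s*$")


def parse_dumpsys(text):
    """Return {package: {"installed": datetime | None, "requested": set}}."""
    pkgs, cur, in_requested = {}, None, False
    for line in text.splitlines():
        m = PKG_RE.match(line)
        if m:  # start of a new package record
            cur = pkgs.setdefault(m.group(1), {"installed": None, "requested": set()})
            in_requested = False
            continue
        if cur is None:
            continue
        m = INSTALL_RE.search(line)
        if m:
            cur["installed"] = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
            continue
        if line.strip() == "requested permissions:":
            in_requested = True
            continue
        if in_requested:
            m = PERM_RE.match(line)
            if m:
                cur["requested"].add(m.group(1))
            else:
                in_requested = False  # any other line ends the permission list
    return pkgs


def triage(text, custody_start, custody_end, min_hits=3):
    """Flag packages requesting >= min_hits high-risk permissions; rank those
    first installed inside the custody window first, then by hit count."""
    findings = []
    for name, info in parse_dumpsys(text).items():
        hits = sorted(p for p in info["requested"] if p in HIGH_RISK)
        if len(hits) < min_hits:
            continue
        installed = info["installed"]
        in_custody = installed is not None and custody_start <= installed <= custody_end
        findings.append({
            "package": name,
            "capabilities": [HIGH_RISK[p] for p in hits],
            "installed": installed,
            "installed_during_custody": in_custody,
        })
    findings.sort(key=lambda f: (not f["installed_during_custody"], -len(f["capabilities"])))
    return findings


# Constructed sample in dumpsys layout: the package name from the report plus
# a legitimate-looking call recorder installed months before the seizure.
SAMPLE_DUMPSYS = """\
Packages:
  Package [com.cortex.arm.vx3] (3f2a1c0):
    userId=10142
    firstInstallTime=2024-05-17 14:02:11
    requested permissions:
      android.permission.INTERNET
      android.permission.RECORD_AUDIO
      android.permission.ACCESS_FINE_LOCATION
      android.permission.READ_SMS
      android.permission.READ_CALL_LOG
      android.permission.READ_CONTACTS
      android.permission.RECEIVE_BOOT_COMPLETED
    install permissions:
      android.permission.INTERNET: granted=true
  Package [com.example.callrecorder] (8c1d9e2):
    userId=10095
    firstInstallTime=2024-01-10 08:41:27
    requested permissions:
      android.permission.INTERNET
      android.permission.RECORD_AUDIO
      android.permission.READ_CALL_LOG
      android.permission.READ_CONTACTS
      android.permission.READ_PHONE_STATE
    install permissions:
      android.permission.INTERNET: granted=true
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_DUMPSYS, *CUSTODY_WINDOW):
        when = "installed DURING custody" if f["installed_during_custody"] else "pre-dates custody"
        print(f"{f['package']}: {when} ({f['installed']:%Y-%m-%d}); {', '.join(f['capabilities'])}")
```

The comparison package shows why the permission count alone is not a verdict: a genuine call recorder legitimately requests RECORD_AUDIO and READ_CALL_LOG, so it is flagged too, but it ranks below the package whose first-install time falls inside the custody window. A hit is a reason to pull the APK for analysis, not proof of compromise, and a trojanized app that hides its real capabilities in an encrypted second stage, as described above, will not reveal them through a permission listing at all.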
Comparative Analysis: Similarities with Monokle, an Android spyware family documented in 2019, suggest the FSB's tool is either an evolved version of it or shares a code lineage with it; some of its command-and-control (C2) communications mirrored those of Monokle.
Potential iOS Version: The investigation also found references to Apple's iOS in the spyware's code, suggesting that a variant targeting iPhones may exist.
Broader Implications
Citizen Lab stresses the risk of losing physical control of a device, especially to an intelligence agency: a device returned after seizure should not be assumed clean, since a compromise planted while it was in custody persists after it is handed back.
Related Developments
Coinciding with these revelations, mobile security firm iVerify reported new infections by Pegasus, the spyware developed by NSO Group, on both iOS and Android devices belonging to journalists and government officials, illustrating the ongoing threat posed by advanced mobile spyware. Together, the two cases underscore the persistent and evolving threats to mobile security and the need for robust protection against sophisticated digital surveillance.