2024-12-26 06:12:18 Pacfic
FSB Uses Trojan App to Monitor Russian Programmer - 18d
A Russian programmer, Kirill Parubets, who had lived in Ukraine for years, alleges that the FSB planted spyware on his Android phone. After being detained for allegedly donating to Ukraine, Parubets was forced to reveal his phone's passcode. While in custody, he was also subjected to pressure to become an informant, facing threats of life imprisonment if he refused. Following his release, unusual activity on his phone, including a "Arm cortex vx3 synchronization" notification, prompted further investigation.
Analysis by Citizen Lab and First Department revealed the presence of a trojanized version of the Cube Call Recorder app. This malicious variant, with a different package name ("com.cortex.arm.vx3" instead of "com.catalinagroup.callrecorder"), granted access to a wide range of sensitive data, including location, messages, calls, and keystrokes. The spyware's second stage, decrypted upon execution, enabled logging keystrokes, extracting files, reading encrypted chats, and even adding a new device administrator. The spyware shares similarities with the Monokle Android spyware, suggesting a possible connection or code reuse. Parubets now lives in exile, fearing for his safety.
ImgSrc: blogger.googleusercontent.com
References:
- @lorenzofb - NEW: A Russian programmer, who has lived in Ukraine for years, says the FSB planted spyware on his Android phone after he was detained and forced to provide the phone's passcode. - 19d
- The Hacker News - FSB Uses Trojan App to Monitor Russian Programmer Accused of Supporting Ukraine - 19d
- Security Affairs - Russia’s FSB used spyware against a Russian programmer after detaining him for allegedly donating to Ukraine earlier this year. - 18d
Classification:
- HashTags: FSB Spyware Surveillance
- Company:
- Target: Russian programmer
- Attacker: FSB
- Product: Android
- Feature: surveillance
- Type: Espionage
- Severity: Medium