CyberSecurity updates
2024-12-26 20:11:17 Pacific

FSB Uses Trojan App to Monitor Russian Programmer - 18d
Read more: thehackernews.com

A Russian programmer, Kirill Parubets, who had lived in Ukraine for years, alleges that the FSB planted spyware on his Android phone. After being detained for allegedly donating to Ukraine, Parubets was forced to reveal his phone's passcode. While in custody, he was also pressured to become an informant and threatened with life imprisonment if he refused. Following his release, unusual activity on his phone, including an "Arm cortex vx3 synchronization" notification, prompted further investigation.

Analysis by Citizen Lab and First Department revealed the presence of a trojanized version of the Cube Call Recorder app. This malicious variant, with a different package name ("com.cortex.arm.vx3" instead of "com.catalinagroup.callrecorder"), granted access to a wide range of sensitive data, including location, messages, calls, and keystrokes. The spyware's second stage, decrypted upon execution, enabled logging keystrokes, extracting files, reading encrypted chats, and even adding a new device administrator. The spyware shares similarities with the Monokle Android spyware, suggesting a possible connection or code reuse. Parubets now lives in exile, fearing for his safety.