FSB Plants Spyware on Detained Activist’s Phone

Russian programmer Kirill Parubets was detained in Moscow earlier this year for sending financial aid to Ukraine. Agents of the Russian Federal Security Service (FSB) planted spyware on his phone before releasing him.

Parubets is an opposition political activist in Russia with a rich Ukrainian heritage. Living in Ukraine for years, Parubets has volunteered and contributed financially to Ukraine’s cause, even since the Russian invasion in 2022. Parubets and his wife only travelled back to Russia to deal with some paperwork so that they could get Moldovan citizenship, which would have allowed them to remain in Ukraine.

According to TechCrunch, six FSB agents burst into Parubets’ apartment in Moscow, threw them onto the floor and started interrogating them about the money sent to Ukraine. They were placed in fifteen days of administrative arrest, where they were physically tortured and interrogated about their activities in aid of Ukraine. Parubets’ Android phone was seized, and the agents repeatedly asked for the password. Parubets, intimidated, was forced to give away his password.

Parubets was also asked to spy on a friend, which he agreed to but wasn’t planning on doing. Then, after fifteen days, they were released. While collecting his phone from the authorities, Parubets noticed that his phone had a suspicious notification, which disappeared, and the phone then rebooted. Upon inspection, Parubets found a suspicious call recorder app that had been allowed a lot of permissions. These permissions granted it access to the personal data on their phones.

This led Parubets to seek help from First Department, a legal assistance organisation founded by an exiled Russian human rights lawyer. They specialise in helping those accused of espionage and treason in Russia. For technical support, the First Department sought help from The Citizen Lab.

The Citizen Lab is an interdisciplinary laboratory at the University of Toronto. This research organisation uses various qualitative and quantitative methods to study information control that could potentially threaten internet security and human rights. Founded in 2001, it gained a lot of traction after 2021 when it lent its technical expertise to journalists investigating NSO Group’s Pegasus spyware.

During their analysis, the Citizen Lab researchers discovered that the spyware placed on Parubets’ phone bears similarities to the Monokle family of spyware. It is likely an updated version of that spyware or new software created using the same code. It allows the operator to track location, record phone calls and keystrokes, and even read messages from encrypted messaging apps like WhatsApp and Signal. The team at the Citizen Lab concluded their report with the warning that any device confiscated by a security service can no longer be trusted.

Parubets and his wife left Russia soon after they were released, leaving the compromised phone there. He believes that it may have helped them escape and fooled the agents into thinking they were still in Moscow, even after they were long gone. 
