Russian FSB Installs Spyware on Android Phone of Detained Programmer

Sophia Steele

December 05, 2024 · 3 min read

A Russian programmer, Kirill Parubets, has shared a harrowing account of how the Russian Federal Security Service (FSB) installed spyware on his Android phone after he was detained in Moscow earlier this year. Parubets, a systems analyst with Ukrainian heritage, was arrested along with his wife on April 18, 2024, and subjected to a 15-day administrative arrest.

According to Parubets, FSB agents armed with machine guns burst into his apartment, forced him to give up his phone's passcode, and later installed spyware on the device. The agents questioned him about his volunteer activities and donations in Ukraine, as well as his connections to a friend who, they claimed, had communicated with Ukraine's Special Services.

Parubets said he was intimidated into giving away his password, and the FSB agents later visited him in detention, asking him to spy on his friend. Fearing for his life and that of his wife, Parubets agreed to cooperate, but had no intention of doing so. After his release, he discovered a suspicious app on his phone, which was later confirmed by security researchers to be spyware.

The spyware, identified as a trojanized version of the legitimate Cube Call Recorder app, had extensive permissions to access location information, read and send text messages, install other applications, and even record from the video camera. The researchers believe the spyware is a new version of the Monokle malware, which was previously analyzed in 2019 and linked to a St. Petersburg company sanctioned by the US government for providing technological assistance to the Russian government.

Cooper Quintin, one of the researchers who analyzed the malware, emphasized that this incident highlights the risks of physical device access and coercion. "People spend a lot of time thinking about zero-click exploits and zero-day attacks, but tend to forget that someone with physical access to your phone who can compel you to unlock it with violence or the threat of violence is just as likely of a risk," Quintin said.

The incident has sparked concerns about the Russian government's use of spyware and its potential impact on citizens, particularly those with ties to Ukraine or Western countries. Dmitry Zair-Bek, the head of the First Department human rights project, warned that what happened to Parubets may happen to others, and that the Russian government's actions are a "major issue" with no "red lines" of what is permissible.

In a surprising twist, Parubets said that his spyware-ridden phone may have helped him escape, as he left it back in Moscow to create the illusion that he was still in the city. "I needed to pretend I am still in Moscow," Parubets said. "To win some time."

The incident serves as a stark reminder of the risks of physical device access and the importance of cybersecurity measures to protect against such threats. As the Russian government continues to face scrutiny over its surveillance practices, this incident highlights the need for increased vigilance and awareness among citizens and governments alike.

Copyright © 2024 Starfolk. All rights reserved.