December 5, 2024 at 12:18PM
Russian programmer Kirill Parubets was detained by the FSB and, after his phone was returned, found spyware installed on it. Citizen Lab confirmed the malware impersonates a popular app and requests extensive permissions. The spyware appears to be related to Monokle, with enhanced features for surveillance and data extraction.
### Meeting Takeaways
1. **Incident Overview**: Kirill Parubets, a Russian programmer, was detained by the FSB for alleged donations to Ukraine. When his mobile phone was returned, it was found to have spyware installed.
2. **Spyware Discovery**: The spyware impersonates a legitimate app, ‘Cube Call Recorder,’ which has over 10 million downloads. Citizen Lab confirmed the finding after forensic analysis.
3. **Spyware Characteristics**:
   – Developed by St. Petersburg’s Special Technology Center, Ltd.
   – Likely a new version of an existing spyware, Monokle, first detected in 2019.
   – Utilizes a two-stage encryption process and carries new permissions and capabilities.
4. **Capabilities of the New Spyware**:
   – Location tracking
   – Access to SMS, contacts, and calendar
   – Call recording and screen activity monitoring
   – File and password extraction
   – Execution of shell commands
   – Keylogging and capture of sensitive data
   – Exfiltration of files
5. **Updated Permissions**:
   – New permissions include ‘ACCESS_BACKGROUND_LOCATION’ and ‘INSTALL_PACKAGES’.
   – Removed permissions include ‘USE_FINGERPRINT’ and ‘SET_WALLPAPER’.
6. **Broader Implications**: The code includes potential references to iOS, suggesting a variant for Apple devices may exist.
7. **Recommendations for Device Safety**:
   – Individuals should switch devices or have confiscated phones analyzed by experts upon return.
   – Those in oppressive regimes should use burner devices and employ anti-spyware mechanisms like Apple’s Lockdown Mode.
   – Keep the OS and applications regularly updated.
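The permission delta in item 5 is the kind of thing an analyst can check mechanically when triaging a returned device: pull the manifest of the installed app and compare it with the manifest of the genuine app from a trusted source. The script below is an added example, not code from this page, from Citizen Lab or from the app's developer. It parses two AndroidManifest.xml documents (both constructed samples here, with a hypothetical package name; the real app's manifest is not on the page) and reports which permissions the suspect build added or removed relative to the baseline, flagging additions that fall in a small high-risk list. The permission names are the ones named above plus standard Android permissions.

```python
"""Compare the permissions a suspect app declares against a trusted baseline.

Added example (not from the original page, Citizen Lab, or the app vendor).
Both manifests are constructed samples; the package name is hypothetical.
"""

import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"

# Constructed baseline: what the genuine app is assumed to declare.
LEGIT_MANIFEST = """<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.callrecorder">
  <uses-permission android:name="android.permission.RECORD_AUDIO"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.USE_FINGERPRINT"/>
  <uses-permission android:name="android.permission.SET_WALLPAPER"/>
</manifest>
"""

# Constructed sample of a trojanized build: same package name, widened permissions.
SUSPECT_MANIFEST = """<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.callrecorder">
  <uses-permission android:name="android.permission.RECORD_AUDIO"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.READ_CALENDAR"/>
  <uses-permission android:name="android.permission.ACCESS_BACKGROUND_LOCATION"/>
  <uses-permission android:name="android.permission.INSTALL_PACKAGES"/>
</manifest>
"""

# Permissions that deserve a closer look when they appear in a build that did not
# declare them before. INSTALL_PACKAGES is a signature/privileged permission on
# stock Android, so a third-party app declaring it is unusual on its own.
HIGH_RISK = {
    "android.permission.ACCESS_BACKGROUND_LOCATION",
    "android.permission.INSTALL_PACKAGES",
    "android.permission.READ_SMS",
    "android.permission.READ_CALENDAR",
    "android.permission.RECORD_AUDIO",
    "android.permission.READ_CONTACTS",
}


def declared_permissions(manifest_xml: str) -> set[str]:
    """Return the set of <uses-permission android:name=...> values in a manifest."""
    root = ET.fromstring(manifest_xml)
    name_attr = f"{{{ANDROID_NS}}}name"
    return {
        elem.get(name_attr)
        for elem in root.iter("uses-permission")
        if elem.get(name_attr)
    }


def diff_permissions(baseline_xml: str, sample_xml: str) -> dict[str, set[str]]:
    """Compare a sample manifest against a trusted baseline.

    Returns the permissions the sample added, the ones it dropped, and the
    subset of additions that fall in HIGH_RISK.
    """
    base = declared_permissions(baseline_xml)
    sample = declared_permissions(sample_xml)
    added = sample - base
    return {
        "added": added,
        "removed": base - sample,
        "high_risk_added": added & HIGH_RISK,
    }


if __name__ == "__main__":
    report = diff_permissions(LEGIT_MANIFEST, SUSPECT_MANIFEST)
    for key, perms in report.items():
        print(f"{key}:")
        for perm in sorted(perms):
            print(f"  {perm}")
```

On a real device the suspect manifest would come from the installed APK (for example via `aapt dump badging` or `apktool`), and the baseline from a copy of the app obtained from the official store on a clean device; the comparison logic is the same. A non-empty `high_risk_added` set is a reason to treat the device as compromised and hand it to a forensic analyst rather than to keep using it.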
### Next Steps
– Consider implementing additional security measures for devices in risk-prone environments.
– Discuss potential training on cybersecurity awareness and personal device safety for team members.