Key Findings
  • This joint investigation with First Department, a legal assistance organization, found spyware covertly implanted on a phone returned to a Russian programmer accused of sending money to Ukraine after he was released from custody.
  • He describes being subjected to beatings and an intense effort to recruit him as an informant for the Russian Federal Security Service (FSB).
  • Our analysis finds that the spyware placed on his device allows the operator to track a target device’s location, record phone calls, keystrokes, and read messages from encrypted messaging apps, among other capabilities.
  • The spyware bears many similarities to the Monokle family of spyware, previously reported on by Lookout Mobile Security, which they attribute to the “Special Technology Center,” a contractor to the Russian government.
  • Our analysis also finds certain differences from previously-reported samples of Monokle spyware, suggesting that it is either an updated version of Monokle or new software created by reusing much of the same code.
  • Bezier@suppo.fi
    link
    fedilink
    English
    arrow-up
    6
    ·
    17 days ago

    Sounds entirely plausible to me. I would not trust a device confiscated by authorities in any country.

    • eleitl@lemm.ee
      link
      fedilink
      English
      arrow-up
      1
      ·
      17 days ago

      I wouldn’t either. Though wiping and boot attestation of GrapheneOS put up a higher tampering threshold.