The FSB monitored a pro-Ukrainian programmer from the Russian Federation

Russia's Federal Security Service (FSB) secretly installed spyware on the smartphone of a Russian programmer who donated money to the Armed Forces of Ukraine. This is stated in the information publication The Hacker News, the translation of which is offered by Foreign Ukraine.

In May 2024, Kyrylo Parubets was released from custody after a 15-day administrative arrest, during which his Oukitel WP7 smartphone running the Android 10 operating system was confiscated from him.

During this period, he was not only beaten to force him to reveal the password from his mobile device, but also tried to recruit him as an FSB informant, threatening him with life imprisonment.

After he agreed to work for the Russian intelligence services, if only to buy time and escape, the FSB returned him to its office on Lubyanka. It was at this point that Parubets began to notice that his smartphone was behaving unusually, including the message «Synchronizing Arm cortex vx3».

Further examination of the smartphone revealed that it had indeed been hacked by a Trojanized version of the genuine Cube Call Recorder program. It is worth noting that the legitimate mobile application has the package name «com.catalinagroup.callrecorder», while the package name of the fraudulent counterpart – «com.cortex.arm.vx3».

The fake app is designed to request intrusive permissions that are designed to collect a wide range of data, including SMS messages, phone calls, contact lists, and geographic location.

Most of the malicious features of the app are hidden in the encrypted second stage of the spyware. Once the spyware is downloaded to the smartphone and launched, the second stage is decrypted and loaded into memory.

The second stage involves monitoring keystrokes, extracting files and saved passwords, reading chats from instant messengers, injecting JavaScript, executing shell commands, obtaining the device unlock password, and even adding a new administrator.