A Russian programmer claims that his Android phone was infected with malware by FSB operatives

A Russian programmer, Kirill Parubets, claims the Federal Security Service (FSB) installed spyware on his Android phone after detaining him in Moscow earlier this year. Security experts confirmed spyware had been installed, likely when the authorities accessed his phone using the passcode they forced him to provide.

Parubets, a systems analyst with Ukrainian heritage, identifies as a political activist and has lived in Ukraine since 2020. He has provided humanitarian and financial aid to Ukrainians since Russia’s 2022 invasion. In 2023, he and his wife returned to Russia to handle paperwork related to their pursuit of Moldovan citizenship, which would enable them to remain in Ukraine.

On April 18, 2024, six FSB agents stormed their Moscow apartment, interrogating him about financial transfers to Ukrainians and a friend, “Ivan Ivanov” (a pseudonym). Intimidated, Parubets gave his phone’s passcode. Later, while in detention, he was questioned, threatened with life imprisonment, and pressured to spy on Ivanov. To avoid immediate harm, he pretended to cooperate.

After their release on May 3, Parubets noticed suspicious activity on his returned phone. Using his cybersecurity knowledge, he found an unfamiliar app with extensive permissions. With assistance from Citizen Lab, researchers confirmed the app was spyware, resembling a trojanized version of the legitimate Cube Call Recorder. The spyware could track location, access messages, record audio and video, and control other functions. Experts linked it to Monokle, malware tied to a Russian government-affiliated company and previously analyzed in 2019.

Citizen Lab researchers emphasized that physical phone access, combined with coercion, can facilitate spyware installation as effectively as remote hacking. They advised that devices confiscated by security services should be considered compromised.

Parubets and his wife have since left Russia. Ironically, leaving his compromised phone behind helped him create the illusion of still being in Moscow, buying time to escape. Human rights advocates warn that such spyware tactics might increasingly target not only Russians but also foreign visitors to the country.
