A Russian programmer, Kirill Parubets, has exposed how his phone was infected with spyware after he was detained by the Federal Security Service (FSB). His story, marked by violence and coercion, sheds light on the lengths the FSB will go to monitor dissenters. Parubets, a systems analyst with Ukrainian heritage, had previously been living in Ukraine. He was arrested for allegedly sending financial aid to Ukraine, an act that Russia considers treason.
A Brutal Arrest and Forced Cooperation
In April 2024, Parubets and his wife, Lyubov, were forcibly detained at their Moscow apartment by six armed FSB agents. At dawn, the agents burst into their home, threw them to the floor, and separated them. Parubets was interrogated about his connections to Ukraine, and his phone was confiscated after he was threatened with life imprisonment.
Parubets had moved to Kyiv in 2020, drawn by his Ukrainian roots, and continued his work as a systems analyst. However, after Russia invaded Ukraine in 2022, he and his wife were unable to renew their residency in Ukraine. They traveled back to Russia in 2023 to complete some paperwork for Moldovan citizenship, hoping to return to Ukraine. But their plans were shattered when the FSB arrested them.
“They knew exactly where everything was, and they confiscated my phone right away,” Parubets recalled, feeling as if the agents had prior knowledge of his home. Despite the fear and physical abuse, Parubets pretended to comply with their demands, including agreeing to act as an informant on his Ukrainian contacts.
Escape and Discovery of Spyware
After 15 days of detention, Parubets and his wife were released, but he soon discovered something unsettling. Upon retrieving his phone, he noticed a strange notification reading “Arm cortex vx3 synchronization,” which vanished quickly before the device rebooted. With a background in cybersecurity, Parubets was immediately suspicious and began investigating.
He found a rogue app on his phone that he hadn’t installed and that had access to sensitive personal data such as his location, text messages, and even the camera. The app was a modified version of Cube Call Recorder, a legitimate app, altered to add spyware capabilities. The altered app was part of a family of malware known as Monokle, which has been linked to Russian state actors.
This discovery was confirmed by the Citizen Lab, a cybersecurity research group at the University of Toronto. Their analysis revealed the spyware could track Parubets’ precise location, intercept calls, record video, and take screenshots, among other invasive actions. “This malware is a highly sophisticated surveillance tool,” said Cooper Quintin, one of the researchers involved.
The Growing Threat of FSB Surveillance
The case illustrates the risks of losing physical control of a device to an authoritarian state. The Citizen Lab’s report warns that anyone whose phone is confiscated and later returned by such agencies should assume their device is compromised. Parubets’ situation highlights not only the danger to political activists but also to foreign visitors to Russia.
Dmitry Zair-Bek, a human rights advocate, cautioned, “The repression in Russia is reaching terrifying new heights. There are no longer any ‘red lines.’ Westerners, especially those visiting Russia, are at risk of being targeted for surveillance or worse.”
The Hidden Dangers of Physical Access
Security experts emphasize that physical access to a device can be as dangerous as remote cyberattacks. “Zero-day exploits are often in the spotlight, but physical access is just as threatening,” noted Quintin. In Parubets’ case, the spyware was installed while he was detained, a reminder of how vulnerable activists and dissidents are under authoritarian regimes.
Parubets’ decision to expose the spyware is a brave act of defiance, demonstrating his commitment to digital rights and transparency. His experience underscores the growing need for heightened awareness about digital security, particularly for those under the scrutiny of repressive regimes.