New spyware discovered on Belarusian journalist’s phone after interrogation

Summary

Forensic investigators at Reporters Without Borders (RSF) found previously unknown spyware targeting Android on a Belarusian journalist’s phone. The malware, named ResidentBat, appears to have been in use since at least 2021 and can harvest call logs, SMS and encrypted app messages, microphone recordings, locally stored files and screen captures. RSF and the journalist say the device was likely infected while in custody: the phone was seized during questioning and the journalist was at one point forced to unlock it.

The infection was detected when antivirus software on the phone flagged suspicious components days after detention. The journalist engaged RESIDENT.NGO and RSF to analyse the device. RSF has notified Google, which plans to send threat notifications to users identified as targets. Experts note this case fits a pattern of authoritarian states installing surveillance tools during detention.

Key Points

  • RSF uncovered a previously unreported spyware family dubbed ResidentBat targeting Android devices.
  • ResidentBat can access calls, SMS, encrypted app messages, microphone, files and screen captures.
  • Evidence suggests the spyware has been active since at least 2021 based on antivirus-sample comparisons.
  • The journalist believes the phone was infected during detention by the Belarusian KGB, after the journalist was forced to unlock it.
  • RSF alerted Google, which will notify users identified as targets; the case mirrors similar incidents in other countries.

Context and Relevance

This discovery sits at the intersection of digital surveillance, press freedom and state repression. It reinforces a worrying trend: authorities using detention and coercion to install intrusive spyware rather than relying solely on remote exploits. For journalists and human-rights defenders the technical capabilities described — access to encrypted app messages and microphone recordings — translate into comprehensive invasions of both private and professional spheres. Platform responses (Google notifications) show how tech firms and NGOs are becoming part of the defensive ecosystem, but the case also highlights persistent gaps in frontline operational security for at-risk reporters.

Why should I read this?

If you care about press freedom, digital safety or how states spy on citizens, this is one to read. It’s a blunt reminder that phones can be compromised during detention and that malware isn’t always exotic — sometimes it’s deliberately installed. Quick, clear and worrying.

Author style

Punchy and direct: this isn’t an abstract threat. RSF’s forensic find is a concrete example of how surveillance tech is being used as a tool of repression. Read the detail if you want to understand the methods, the implications for journalist safety, and what defenders are doing in response.

Source

Source: https://therecord.media/spyware-belarus-journalist-rsf