New software discovered in Serbia collects a large amount of personal data and is aimed at monitoring environmental opposition activists, representatives of non-governmental organizations and journalists.
That's the finding of Amnesty International, which documented dozens of confirmed infections, along with details of how the software was installed and how it works, in a report published on December 16.
It is suspected that the number of infected phones is very high.
"NoviSpy", as described by Amnesty International's forensics team, is spyware tailored for Android phones and is most likely used by Serbian institutions, namely the Security and Information Agency (BIA) and the Ministry of Internal Affairs.
Amnesty International assesses that, unlike the commercial spyware known so far, "Pegasus" among them, "NoviSpy" appears to be a locally developed tool.
Amnesty International, through its forensics team, monitored the communication of the "NoviSpy" software with servers that were confirmed to be located in Serbia.
One of the servers had an IP address that could be linked directly to the BIA.
Data in the program's configurations could be linked to a BIA employee who was associated with the purchase of spyware from other vendors, the report said.
By analyzing the circumstances related to the installation and use of the program, it was found that "NoviSpy" was installed when activists, journalists or opposition actors were temporarily detained or interrogated by the police or BIA.
This points to "organized, state-supported campaigns", according to Amnesty International.
The program is installed covertly on Android devices and enables extensive data collection and real-time monitoring.
According to the description, this software can access personal information such as SMS messages, as well as messages in encrypted applications such as Signal or WhatsApp.
The software can retrieve saved documents, photos and videos.
The analysis showed that it can also access deleted communications.
It is designed to remotely activate the phone's microphone and camera, and to track location and movement in real time.
The data is then transferred to the control servers located in Serbia.
The software was installed through physical access to the device, in situations where activists and journalists had been invited to informational interviews.
In such situations, they left their phones outside the interview room, which made the installation of the spyware possible.
Amnesty International cites examples of activists opposed to lithium mining projects who have reported infections with "NoviSpy" after their meetings with Serbian authorities.
One of the cases is that of the journalist Slaviša Milanov from Dimitrovgrad, in the south of Serbia. He was stopped during a traffic check and his phone was confiscated.
After his release, forensic analysis showed that Cellebrite tools were used to unlock his device and that NoviSpy was installed during that period.
This case shows the combined use in Serbia of the spyware and the "Cellebrite" product.
"Cellebrite" was key to enabling the infection with "NoviSpy".
Cellebrite, an Israeli tool, is widely used by security agencies around the world, including the FBI, to unlock smartphones and search them for evidence.
According to Amnesty International, Serbia has received equipment for unlocking phones from Cellebrite, as part of a wider package to help it meet the conditions for integration into the European Union.
This package, funded by the Government of Norway and administered by the United Nations Office for Project Services (UNOPS), was offered to the Ministry of the Interior of Serbia from 2017 to 2021 to help Serbia fight organized crime, the report says.
The Norwegian government temporarily suspended the delivery of "Cellebrite" devices to Serbia in 2018, Amnesty International has announced.
The Norwegian embassy in Belgrade also raised concerns about the program, the report said, but UNOPS delivered the equipment in June 2019.
Amnesty International also assesses that Serbia's surveillance laws are outdated with respect to modern digital tools.
"Oversight mechanisms, judicial and legislative, are weak or susceptible to political influence - which creates opportunities for abuse," the report states./REL (A2 Televizion)