Ukrainian app can spot the Russian spy hiding in your pocket

The logo of anti-spyware app SpyBuster. (Credit: MacPaw)

As Russian missiles continue to strike Ukraine soil, the virtual realm has also become a battleground. Only, hacking operations and phishing campaigns are the weapons of choice and they’re used to target government websites, disrupt public services or steal sensitive data. MacPaw, a Ukraine-based software company, has been using its expertise to help Ukrainians protect themselves from cyber attacks.

Only a month into the war and from the comfort of bomb shelters, the tech company launched SpyBuster, a free anti-spyware app that can detect suspicious connections to servers in Russia and Belarus. The firm, known for its popular programmes CleanMyMac, Setapp and ClearVPN, has also made its VPN service free for all Ukrainians to help them secure their online experience in times of war.

Geneva Solutions spoke to MacPaw’s technological research and development lead, Sergii Kryvoblotskyi, about how the company is contributing to Ukraine’s cyber defence.

GS News: How was SpyBuster created?

Sergii Kryvoblotskyi: Before Russia started the full-scale invasion of Ukraine,  our Technology R&D team was responsible for integrating new technologies into MacPaw products and developing the company's R&D culture. After the invasion, cyberspace became the second front, and Ukrainian digital infrastructure began to suffer numerous cyber attacks.   So the team focused on finding solutions to support the national cybersecurity and Ukrainian users. One research on technologies for protecting users from network traffic and malicious applications proved to be very useful and up-to-date. So we started designing SpyBuster.

In March of 2022, we launched it as a free macOS app. By June, it became available as a Google Chrome extension that notifies users about suspicious website connections and visualizes them on a map. A static analysis functionality of SpyBuster was also added to CleanMyMac X as part of its Uninstaller module (a tool that helps uninstall apps from the computer - ed.). Today, the MacPaw team is bringing the iOS version of SpyBuster.

What’s the aim of the app?

SpyBuster is an entirely free on-device anti-spyware tool that helps users effortlessly secure their data by weeding out apps and web connections reporting to unwanted servers. SpyBuster scans devices for installed apps that have connections with Russia or Belarus and monitors if data is being sent to servers in those countries when the app is in use.

In 2016, Russia adopted legislation that requires telecom providers to store private users’ data, including the content of voice calls, images, and text messages, for six months. It also orders them to store metadata, such as information about the recipient and sender or sending time and location, for three years. The law also gives FSB (Russia’s Federal Security Service - ed.) and other Russian law enforcement agencies nearly unlimited access to any user data on Russian servers without a court order. Our devices know the most sensitive information about our lives. Imagine if your digital persona ended up in the wrong hands! Such regulations may not meet the user’s standards of online security and privacy, so SpyBuster enables the protection of personal data from Russian legislation.

A screenshot of a spyware scan by SpyBuster.

What results have you seen after the first four months since launching the app?

At first, SpyBuster was tested inside MacPaw. In the process, we found out that websites of some Ukrainian media were connecting to Russian servers. So we informed the teams of those media about the possible danger. Often the media even didn’t know that their websites connect to servers in hostile countries. It happened at a time when many Ukrainian media outlets were being hacked simultaneously.

Also, thanks to SpyBuster, MacPaw engineers prevented the spread of Russian propaganda. In one of the SpyBuster updates, developers have added a functionality for analyzing public and encrypted application data. Thanks to this, they noticed that the code of the Viber app has integration with RuTube (a Russian video platform ed.). Viber users could distribute and watch videos from the platform inside the app and thus spread Russian propaganda. The SpyBuster team contacted the Viber Ukrainian office. Their team quickly responded to the request, and a few days later, Viber removed the rutube integration with the new application update.

Who is using SpyBuster?

Today, 44 per cent of SpyBuster users come from Ukraine, the second place by a number of users goes to the United States, and then we see users from all over Europe. The statistics are predictable. Ukraine is not the only target of Russian hackers. Previously, security experts at Microsoft concluded that 53 per cent of all cyber attacks between July 2020 and June 2021 originated in Russia were focused on various targets in the US, Ukraine, UK, and NATO allies across Europe. This is why SpyBuster is an up-to-date preventive application for users from all over the world.

How is SpyBuster different compared to many other anti-spyware apps?

SpyBuster was created in less than a month by Ukrainian developers from bomb shelters. The program focused on examining executable code and resources of applications on devices for evidence of potential unwanted relations with Russia and Belarus, based on a list of indicators collected by the MacPaw engineers that flag an app as potentially unwanted. Any version of SpyBuster is free and on-device, which means everything happens only on the user's device, and the data is available only to the user. And it is up to the user to decide whether to trust detected apps and connections or block them, as the team believes that privacy and a right to choose should belong to users.