A newly discovered spyware program, “NoviSpy,” has been uncovered in Serbia, raising serious concerns about privacy and the monitoring of activists, journalists, and members of non-governmental organizations (NGOs). Amnesty International, which investigated the issue, confirmed multiple infections of mobile phones and provided detailed insights into how the spyware works in a report released on December 16.
What is NoviSpy?
“NoviSpy” is an advanced surveillance tool designed specifically for Android devices. According to Amnesty International’s forensic analysis, it is believed to be primarily used by Serbian state institutions, such as the Security Information Agency (BIA) and the Ministry of Internal Affairs. Unlike well-known commercial spyware programs, like “Pegasus,” “NoviSpy” is considered to be a locally developed tool, specifically tailored for use within Serbia.
The software is capable of remotely accessing a wide range of personal data, including SMS messages, as well as encrypted communications through apps like Signal and WhatsApp. It can also capture documents, photos, videos, and even communications that have been deleted. Additionally, “NoviSpy” can activate the device’s microphone and camera, monitor location in real time, and track the movements of the target.
How Does the Spyware Operate?
The spyware is typically installed covertly on targets’ devices, often during interrogations or temporary detentions by police or BIA agents. According to Amnesty International, “NoviSpy” is installed when individuals, such as activists, journalists, or political opposition members, leave their phones unattended during questioning. Once installed, the spyware sends the collected data back to servers based in Serbia.
One of the servers used to control the spyware was found to have an IP address linked directly to the BIA. Furthermore, data related to the software’s configuration was traced back to an individual within the BIA, who was allegedly involved in procuring surveillance tools from other vendors.
Connection with Cellebrite
Amnesty International also discovered that “NoviSpy” may be linked to the use of “Cellebrite,” an Israeli company known for its phone unlocking technology, which is widely used by law enforcement agencies across the world. Serbia reportedly received Cellebrite equipment as part of its efforts to meet EU integration requirements. The equipment was delivered through a program funded by the Norwegian government and managed by the UN Office for Project Services (UNOPS), from 2017 to 2021.
In one documented case, Serbian authorities used Cellebrite tools to unlock a journalist’s phone before installing “NoviSpy.” The use of these tools illustrates the close relationship between the Serbian government and international surveillance technologies, raising concerns about their potential for misuse.
Human Rights Concerns
The discovery of “NoviSpy” highlights the increasing use of digital surveillance to monitor and suppress opposition. Amnesty International has expressed concern that Serbia’s surveillance laws are outdated and susceptible to political influence, creating an environment ripe for abuse. The spyware’s use on activists, journalists, and opposition figures may be part of a broader government effort to control dissent and suppress critical voices.
The report reveals how “NoviSpy” could be part of a coordinated, state-backed effort to target and silence those who oppose government policies, particularly regarding issues like environmental activism.
The existence of “NoviSpy” is a troubling development for privacy and human rights in Serbia. The spyware’s ability to collect sensitive data and monitor individuals in real time poses significant risks to freedom of expression and the rights of journalists and activists. The case also illustrates the intersection of local surveillance programs with international technologies, raising serious questions about accountability and the potential for misuse by authoritarian governments.