Forensic researchers at Reporters Without Borders (RSF) have found a previously unknown spyware tool on a Belarusian journalist’s phone, the nonprofit said Wednesday.

The organization said it believes the spyware has been in use since at least 2021 based on its analysis comparing samples on an antivirus platform. Dubbed ResidentBat, the spyware can access call logs, SMS and encrypted app messages, microphone recordings, locally stored files and screen captures. It is used to target Android phones.

The journalist and RSF believe the spyware was installed while the journalist was detained by the Belarusian KGB. The phone was seized during questioning and authorities at one point forced the journalist to unlock the phone, RSF said in a press release.

Similar examples of authoritarian regimes installing spyware on journalists' phones while they are being questioned by police or security services have occurred recently in Serbia and Kenya.

“Growing list of cases where authoritarian regimes use detention to implant spyware on phones,” John Scott-Railton, a digital forensic researcher at Citizen Lab, said in a social media post. “Important investigation and reminder that dictators don't always need zero-days.”

The infection came to light after antivirus software on the journalist’s phone flagged “suspicious components” a few days after their detention, RSF said. The journalist contacted the Eastern European nonprofit RESIDENT.NGO, which analyzed the phone with RSF.

“By deploying surveillance technologies such as ResidentBat, the Belarusian state is pursuing a deliberate strategy of repression against independent journalism,” Antoine Bernard, RSF’s director of advocacy and assistance, said in a statement. “The systematic invasion of their private and professional lives amounts to a direct and unlawful assault on press freedom and fundamental rights.”

Belarus ranks 166th out of 180 countries and territories on a press freedom survey conducted by the organization.

RSF said it has made Google aware of its findings, and the tech giant plans to send a threat notification to all Google users identified as targets of the spyware campaign.