Android Spyware Campaigns Masquerade as Signal ToTok Target UAE Users
Android Spyware Campaigns Masquerade as Signal ToTok Target UAE Users

Android Spyware Campaigns Masquerade as Signal ToTok Target UAE Users

News summary

Researchers at ESET have uncovered two previously unknown Android spyware campaigns named ProSpy and ToSpy that impersonate the secure messaging apps Signal and ToTok to steal sensitive data from users. These campaigns rely on fake websites and social engineering, distributing malicious APKs outside official app stores, primarily targeting users in the United Arab Emirates (UAE). ProSpy masquerades as a Signal encryption plugin or a Pro version of ToTok, while ToSpy exclusively imitates ToTok, which despite being removed from Google Play and Apple App Store in 2019 due to surveillance concerns, remains popular in the UAE. The spyware requests access to contacts, SMS, and files, exfiltrating data continuously while disguising itself as legitimate system apps to maintain persistence and avoid detection. The campaigns leverage the regional popularity of ToTok and mimic trusted platforms, including the Samsung Galaxy Store, to trick users into manual installation. Evidence suggests that ProSpy has been active since at least 2024, and ToSpy since 2022, highlighting a long-term, regionally focused operation exploiting the unique app ecosystem in the UAE.

Story Coverage
Bias Distribution
100% Left
Information Sources
daae85f0-2883-42fc-b085-888140adf30d
Left 100%
Coverage Details
Total News Sources
1
Left
1
Center
0
Right
0
Unrated
0
Last Updated
4 days ago
Bias Distribution
100% Left
Related News
Ask VT AI
Story Coverage
Subscribe

Stay in the know

Get the latest news, exclusive insights, and curated content delivered straight to your inbox.

Present

Gift Subscriptions

The perfect gift for understanding
news from all angles.

Related News
Recommended News