- ProSpy and ToSpy malware campaigns spoof Signal and ToTok to infect Android users
- Malware exfiltrates SMS, contacts, files, and disguises itself as Google Play Services
- Apps spread via third-party stores; users urged to stick to official app sources
Android users in the United Arab Emirates and the wider region are being targeted by two malicious campaigns which spoof known chat apps, Signal and ToTok, to distribute malware.
Security researchers at ESET said they started tracking the ProSpy and ToSpy campaigns in June 2025, but believe they could have started back in 2024.
The attackers created fake, non-existent Signal Encryption Plugins, and a Pro version of the ToTok app, to trick users into downloading and running the malware. Those that don’t spot the trick will end up losing sensitive information, since the campaign leverages on data exfiltration.
How to stay safe
Once installed, the malware requests access to SMS messages, files, and contacts lists, which it then exfiltrates, together with device information, backup files, and a list of other installed apps.
The Signal Encryption Plugin also renames itself to ‘Play Services’ upon installation, and changes its icon, to avoid being detected and removed. Also, tapping the icon brings up the info screen of a legitimate Google Play Service app.
Since these apps are being distributed through third-party app stores and custom websites, the best way to stay safe is to only download apps from reputable sources such as the official Google Play Store and the Apple App Store.
Signal is a popular and legitimate privacy-first chat application with roughly 70 million users worldwide. ToTok, on the other hand, has a more controversial history. The app was developed by a UAE company called G42, back in 2019. It offered free voice and video calls, positioning itself as an alternative to services like WhatsApp and Skype, which were restricted in the UAE.
However, ToTok was later removed from the Google Play Store and Apple’s App Store after investigations suggested it was being used as a surveillance tool by the UAE government, but it remains popular in the region.
Via BleepingComputer
Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds. Make sure to click the Follow button!
And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form, and get regular updates from us on WhatsApp too.
You might also like
Source link