BTC $71,807
2026 Bull Run Is Building Start trading with 5% OFF all fees
Sign Up Now
BTC $71,807
Bull Run 2026 | 5% Off Fees Open your Binance account today
Sign Up

New Android Spyware Poses as Signal, ToTok Apps in UAE

Android Spyware Campaigns ProSpy and ToSpy Impersonate Signal and ToTok Targeting UAE Users

  • Two Android spyware campaigns named ProSpy and ToSpy target users in the United Arab Emirates (U.A.E.) by impersonating popular apps Signal and ToTok.
  • The malicious apps are distributed through fake websites and social engineering, requiring manual installation outside official app stores.
  • The spyware steals sensitive data, including contacts, messages, files, and device information.
  • ESET researchers found ProSpy active since 2024 and ToSpy from mid-2022, both using deceptive tactics to mask spyware activity by linking victims to legitimate app downloads.
  • Users are advised to avoid installing apps from unofficial sources and enabling unknown installations to reduce infection risk.

Cybersecurity researchers from ESET uncovered two Android spyware campaigns called ProSpy and ToSpy that impersonate messaging apps Signal and ToTok to target users in the United Arab Emirates. These malicious apps bypass official app stores and are manually installed via deceptive third-party websites. The spyware gains persistent access to compromised devices and extracts private data.

- Advertisement -

The ProSpy campaign, detected in June 2025 and believed to have started in 2024, uses fake websites mimicking Signal and ToTok to deliver booby-trapped APK files named Signal Encryption Plugin and ToTok Pro. According to ESET researcher Lukáš Štefanko, “Neither app containing the spyware was available in official app stores; both required manual installation from third-party websites posing as legitimate services.” One counterfeit site even impersonated the Samsung Galaxy Store to spread the ToSpy Malware.

Both spyware types request permissions to access contacts, SMS messages, files, and device details. Once installed, they run background services to stay active, restarting automatically if terminated and launching on device reboot. Before victims interact with buttons labeled “CONTINUE” or “ENABLE,” which redirect them to official app download pages, the spyware quietly steals data including files, media, contact lists, and chat backups.

ToTok was removed from Google Play and Apple‘s App Store in December 2019 amid allegations it served as a spying tool for the U.A.E. government, gathering conversations and location data. The developers denied these claims, describing the removal as an attack by market competitors. The malicious ProSpy and ToSpy apps exploit this history by impersonating ToTok to trick users.

The fake Signal Encryption Plugin changes its icon to look like Google Play Services after permission is granted, masking its presence. Both malware strains display legitimate versions of their respective apps after installation to avoid user suspicion. ESET notes the campaigns use different infrastructures but share tactics targeting data theft in the region.

- Advertisement -

Users are urged to avoid downloading apps from unofficial sources and not to enable installations from unknown origins. This caution is especially important for apps claiming to enhance trusted services. For further details, see UAE/” target=”_blank” rel=”noopener”>ESET’s report.

✅ Follow BITNEWSBOT on Telegram, Facebook, LinkedIn, X.com, and Google News for instant updates.

Previous Articles:

- Advertisement -
Ad
Altseason Is Loading. Don't watch from the sidelines.
SOL $90.51
DOGE $0.0963
LINK $9.02
SUI $1.00
5% off fees when you sign up
Start Trading
Ad
Pay Less on Every Trade. For Life.
$10K/mo volume Save $60/yr
$50K/mo volume Save $300/yr
$100K/mo volume Save $600/yr
5% off all trading fees when you sign up
Claim Your Discount

Latest News

Cambridge: Ethereum Energy Intensity Low, Overall Use High

Ethereum consumes roughly 7.87 GWh annually, the second-lowest energy intensity per market value among...

Saylor and Back oppose BIP-110 fork over Bitcoin security fears

Michael Saylor and Adam Back have publicly opposed BIP-110, a temporary Bitcoin fork proposal...

China, India groups target Pakistani police in cyber espionage

Suspected China- and India-aligned threat actors targeted Pakistani law enforcement in a sustained cyber...

AMD Stock Dips 10% Amid AI Volatility Ahead of Q3 Earnings

AMD stock fell nearly 10% from $580 on June 30 to roughly $516 by...

Bitcoin Creator Back Warns BIP-110 Data Limit Could Split Network

Adam Back said Bitcoin has "robustly rejected" BIP-110, arguing the proposal conflicts with the...

Must Read

Top 9 VPNs That Accept Bitcoin And Crypto

CyberGhost | FastVPN | TorGuard | Private Internet Access | ExpressVPN | NordVPN | Private VPN | SurfShark | AirVPN | Why Buy VPN...
Ad
Altseason Is Loading. These 4 coins are trending right now.
SOL $92.12
DOGE $0.0950
LINK $9.02
SUI $1.02
5% off spot fees when you sign up
Start Trading