New Android Spyware in UAE Masquerades as Popular Messaging Apps

Cybersecurity researchers have uncovered two sophisticated Android spyware campaigns, ProSpy and ToSpy, targeting users in the United Arab Emirates (UAE) by masquerading as legitimate messaging applications. These campaigns exploit the popularity of secure messaging tools to secretly collect sensitive data from unsuspecting users.

Spyware Campaigns: ProSpy and ToSpy

According to ESET researchers, both ProSpy and ToSpy are previously undocumented Android spyware families. ProSpy disguises itself as an upgrade or plugin for Signal, while ToSpy impersonates the UAE-originated messaging app ToTok. Once installed, these spyware variants can exfiltrate a wide range of personal data, including documents, media files, contacts, and chat backups. Investigations show that the ToSpy campaign remains active, with command-and-control servers still operational.

Distribution Tactics

The spyware spreads through deceptive websites and social engineering, targeting individuals searching for secure communication apps. By exploiting user trust in popular messaging platforms, attackers increase the likelihood of the spyware being installed unknowingly.

Risks and Implications for Users

The UAE has a history of surveillance practices, including past concerns over the ToTok app allegedly being used for mass surveillance. The emergence of ProSpy and ToSpy highlights the ongoing risk of deceptive tactics to monitor and collect data from residents. Users are urged to only download apps from verified official sources and remain cautious of third-party sites offering messaging tools.

For full technical details on these spyware campaigns, refer to reports by ESET and other cybersecurity research organizations.