216.73.216.133

New spyware campaigns target privacy-conscious Android users in the UAE

· Published 02/10/2025 16:14 · Modified 02/10/2025 16:46

Export JSON

Essential information

Published
02/10/2025 16:14
Modified
02/10/2025 16:46
Tags
2025-10-02 android android/spy.prospy android/spy.tospy app impersonation data exfiltration persistence phishing signal spyware totok uae
Related entities
30 observables, 2 techniques (mitre), 1 others

Description

Two campaigns, ProSpy and ToSpy, have been discovered targeting users in the United Arab Emirates. These campaigns impersonate secure messaging apps like and , distributing malware through deceptive websites and social engineering tactics. Once installed, the exfiltrates sensitive data including contacts, SMS messages, files, and device information. The campaigns use mechanisms to ensure continuous operation on compromised devices. ProSpy disguises itself as encryption plugins or pro versions of apps, while ToSpy exclusively mimics the app. The malware is distributed through unofficial sources, highlighting the risks of downloading apps outside official app stores.

External references