ESET Research Uncovers New Android Spyware Campaign in UAE Targeting Users through Fake Communication Apps

ESET cybersecurity researchers discovered two new Android spyware families called Android/Spy.ProSpy and Android/Spy.ToSpy is meant to steal crucial data from mobile users.These spyware efforts primarily target users of communication apps such as Signal and ToTok, pulling them into downloading hazardous applications from fake websites rather than authentic app stores.

Signal is a popular private messaging app noted for its focus on secure communication. It is popular among users all around the world who wish to keep their chats and calls safe from surveillance. ToTok, on the other hand, was a free messaging and calling app developed in the United Arab Emirates (UAE) that quickly gained popularity in the region before being pulled from official app stores in 2019 due to security concerns.

ESET discovered that ProSpy pretends to be a Signal plugin or a fake ToTok Pro application, while ToSpy acts as the ToTok app itself. After users install them, these apps steal personal information such as contacts, messages, photographs, videos, documents, and even chat backups.They continue to run silently in the background, delivering all stolen information to the hackers. Researchers confirmed that these spyware attacks are growing rapidly in the United Arab Emirates (UAE). In fact, one of the fraudulent ToTok websites was skillfully constructed to resemble the Samsung Galaxy Store, making it easier to deceive customers into thinking they were downloading an authorized platform.

ESET's research also revealed that the ProSpy campaign has most certainly been active since 2024, while ToSpy has been around for much longer, possibly since 2022.This means that thousands of users may have already been affected without knowing it.The campaigns demonstrate how fraudsters use social engineering and phishing techniques to deceive people who believe they are adding additional security to their devices. Both ProSpy and ToSpy are not available on legitimate app stores such as Google Play or the Apple App Store, thus users must manually download APK files from unsafe sources.

Experts caution that installing programs from unknown or third-party websites is extremely dangerous, as hackers frequently disguised malware as upgrades or "pro" versions of popular apps.To be secure, users should only download apps from approved stores, such as Google Play or the Apple App Store, and avoid allowing installation from unknown sources. It's also crucial to be cautious of apps that claim to provide expanded functionality for well-known services, as these are frequently scams. Keeping your phone up to date and using reliable mobile safety applications will help defend against such threats.

Information referenced in this article is from Yahoo Finance