New Spyware Disguises as Messaging Apps in UAE

In a concerning revelation for the digital security landscape, cybersecurity researchers have identified two Android spyware families impersonating the popular messaging applications Signal and ToTok. The recently uncovered cyber-espionage operations appear to primarily target users within the United Arab Emirates. The findings, revealed by ESET in June, suggest that these spyware campaigns may have commenced as far back as last year.

The campaigns, which the researchers have named ProSpy and ToSpy, exploit the guise of legitimate communication apps to infiltrate users' devices. ProSpy masquerades as both Signal and ToTok, while ToSpy emulates the now-defunct ToTok, shuttered in 2020 after being linked to the UAE government. Despite ToTok's official discontinuation, the cybercriminals introduced an upgraded version named ToTok Pro, offering it surreptitiously online.

Dangers Hidden in Plain Sight

The spyware-laden apps are not available via official app stores like Google Play. Instead, they require users to conduct manual installations from third-party sites designed to appear like legitimate app distributors. In one notable instance, a phishing site cleverly mimicked the Samsung Galaxy Store, potentially duping unsuspecting users with its semblance of authenticity. Upon installation, these applications solicit various permissions from the user, including access to contacts, text messages, and stored files. Once authorized, the spyware has the capability to extract an array of sensitive data, such as device information, audio recordings, video, images, and chat backups.

Analyzing the nuances of these campaigns revealed a sophisticated method of targeting and collection aimed at residents of the UAE. Confirmed detections in the region, coupled with the presence of phishing sites and domains featuring the country code "ae," have led researchers to posit a highly localized focus for these malevolent applications.

Implications and Response

In response to these discoveries, digital security experts emphasize the importance of vigilance among users, particularly in vulnerable regions. It is crucial for individuals to remain cautious about the sources from which they download applications and to restrict application permissions to only those that are absolutely necessary for functionality.

These unfolding developments underscore the persistent evolution of cyber threats and the ongoing battle between cybersecurity specialists and malicious entities. With mobile devices playing an ever-increasing role in our daily lives, the urgency for heightened security measures becomes more pressing.

Update: 02 Oct 2025