New spyware campaigns target privacy-conscious Android users in the UAE
Oct. 2, 2025, 4:46 p.m.
Description
Two Android spyware campaigns, ProSpy and ToSpy, have been discovered targeting users in the United Arab Emirates. These campaigns impersonate secure messaging apps like Signal and ToTok, distributing malware through deceptive websites and social engineering tactics. Once installed, the spyware exfiltrates sensitive data including contacts, SMS messages, files, and device information. The campaigns use persistence mechanisms to ensure continuous operation on compromised devices. ProSpy disguises itself as encryption plugins or pro versions of apps, while ToSpy exclusively mimics the ToTok app. The malware is distributed through unofficial sources, highlighting the risks of downloading apps outside official app stores.
Tags
Date
- Created: Oct. 2, 2025, 4:14 p.m.
- Published: Oct. 2, 2025, 4:14 p.m.
- Modified: Oct. 2, 2025, 4:46 p.m.
Indicators
- dc55df39a7824a455690022b373875d3eb7680c1b961efe38d73c7fa2e57d6bc
- 70a44a185497df02ab80b94ec0731ea361ac54858b064c5f44a72272768a30b1
- 545b228aeb9e2163fa028d6ff5604e50c82779f8e9ca914b2167dd4f62440322
- 4ec51c329e8dab681bc6fb89d8c25021ed2ad9949bd16391a838bde8e56540fd
- 42f28501f3e6be38c0ce4ff2a5bfa2dfe3c56f99ed81804de54cba3bc26a5025
- 94.156.175.105
- 94.156.128.159
- 86.105.18.13
- 185.7.219.77
- 185.27.134.222
- 185.225.114.70
- 185.140.210.66
- 152.89.29.78
- 103.214.4.135
- 152.89.29.73
- 5.42.221.106
- store.latestversion.ai
- store.appupdate.ai
- encryption-plug-in-signal.com-ae.net
- ae.totok.chat
- totokupdate.ai
- totokapp.info
- spiralkey.co
- totok-pro.io
- sion.ai
- sgnlapp.info
- noblico.net
- in-signal.com
- app-totok.io
- ai-messenger.co
Additional Informations
- United Arab Emirates