- ProSpy and ToSpy malware campaigns impersonate Signal and ToTok to infect Android users
- Malware exfiltrates SMS, contacts and files, and disguises itself as Google Play Services
- The apps spread through third-party stores; users are urged to stick with official app sources
Android users in the United Arab Emirates and the wider region are being targeted by two malicious campaigns that impersonate well-known chat applications, Signal and ToTok, to distribute malware.
ESET security researchers said they began tracking the ProSpy and ToSpy campaigns in June 2025, but believe they could have started in 2024.
The attackers created a fake, non-existent Signal encryption plugin and a Pro version of the ToTok application to trick users into downloading and running the malware. Those who do not spot the trick end up losing confidential information, since the campaigns are built around data exfiltration.
How to stay safe
Once installed, the malware requests access to SMS messages, files and contact lists, which are then exfiltrated together with device information, backup files and a list of other installed applications.
The Signal encryption plugin also renames itself to 'Play Services' after installation and changes its icon, to avoid being detected and removed. In addition, tapping the icon brings up the info screen of the legitimate Google Play Services app.
Since these applications are distributed through third-party app stores and custom websites, the best way to stay safe is to download applications only from reputable sources such as the official Google Play store and Apple App Store.
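An added example, not from ESET or the original article: a triage heuristic over an exported app inventory that flags the disguise described above (a Play Services look-alike, installed from outside Google Play, asking for SMS, contacts and storage access). The record fields, the thresholds and the `com.example.*` package names are assumptions made for this sketch.

```python
GMS_PACKAGE = "com.google.android.gms"   # package name of the real Google Play services
PLAY_INSTALLER = "com.android.vending"   # installer recorded for Google Play installs
SENSITIVE = {
    "android.permission.READ_SMS",
    "android.permission.READ_CONTACTS",
    "android.permission.READ_EXTERNAL_STORAGE",
}
LURE_LABELS = ("play services", "signal", "totok")  # brands named in the article


def triage(app):
    """Return the reasons an app record looks suspicious (empty list if none)."""
    reasons = []
    label = app["label"].lower()
    # Preinstalled system apps have no Play installer but are not sideloaded.
    sideloaded = not app.get("system", False) and app.get("installer") != PLAY_INSTALLER
    if "play services" in label and app["package"] != GMS_PACKAGE:
        reasons.append("label imitates Play Services under a different package")
    if sideloaded and any(lure in label for lure in LURE_LABELS):
        reasons.append("lure-branded app not installed from Google Play")
    wanted = SENSITIVE & set(app.get("permissions", []))
    if sideloaded and len(wanted) >= 2:  # assumed threshold for this sketch
        reasons.append("sideloaded app requests " + ", ".join(sorted(wanted)))
    return reasons


def scan(inventory):
    """Map package name -> reasons for every app with at least one finding."""
    findings = {}
    for app in inventory:
        reasons = triage(app)
        if reasons:
            findings[app["package"]] = reasons
    return findings


# Constructed sample inventory; the com.example.* entries are made up.
SAMPLE = [
    {"label": "Google Play services", "package": GMS_PACKAGE, "system": True,
     "installer": None, "permissions": sorted(SENSITIVE)},
    {"label": "Signal", "package": "org.thoughtcrime.securesms",
     "installer": PLAY_INSTALLER, "permissions": ["android.permission.READ_CONTACTS"]},
    {"label": "Play Services", "package": "com.example.encplugin",
     "installer": None, "permissions": sorted(SENSITIVE)},
    {"label": "ToTok Pro", "package": "com.example.totokpro", "installer": "com.example.store",
     "permissions": ["android.permission.READ_CONTACTS", "android.permission.READ_EXTERNAL_STORAGE"]},
]

if __name__ == "__main__":
    for package, reasons in scan(SAMPLE).items():
        print(package, "->", "; ".join(reasons))
```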
Signal is a popular and legitimate privacy-focused chat application with approximately 70 million users worldwide. ToTok, on the other hand, has a more controversial history. The application was developed by a UAE company called G42 in 2019. It offered free voice and video calls, positioning itself as an alternative to services such as WhatsApp and Skype, which were restricted in the UAE.
However, ToTok was later removed from the Google Play store and Apple's App Store after investigations suggested that the UAE government was using it as a surveillance tool, but it is still popular in the region.
Via BleepingComputer