Android spyware pretends to be Signal or ToTok update to fool victims - here's how to stay safe


  • ProSpy and ToSpy malware campaigns spoof Signal and ToTok to infect Android users
  • Malware exfiltrates SMS, contacts, files, and disguises itself as Google Play Services
  • Apps spread via third-party stores; users urged to stick to official app sources

Android users in the United Arab Emirates and the wider region are being targeted by two malicious campaigns which spoof known chat apps, Signal and ToTok, to distribute malware.

Security researchers at ESET said they started tracking the ProSpy and ToSpy campaigns in June 2025, but believe they could have started back in 2024.

The attackers created fake Signal Encryption Plugins, which do not exist as legitimate products, and a fake Pro version of the ToTok app, to trick users into downloading and running the malware. Those who don’t spot the trick will end up losing sensitive information, since the campaign is built around data exfiltration.

How to stay safe

Once installed, the malware requests access to SMS messages, files, and contact lists, which it then exfiltrates, together with device information, backup files, and a list of other installed apps.

The Signal Encryption Plugin also renames itself to ‘Play Services’ upon installation, and changes its icon, to avoid being detected and removed. In addition, tapping the icon brings up the info screen of the legitimate Google Play Services app.

Since these apps are being distributed through third-party app stores and custom websites, the best way to stay safe is to only download apps from reputable sources such as the official Google Play Store and the Apple App Store.
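The masquerade described above leaves a checkable trace: an app whose visible label reads "Play Services" but whose package is not Google's. The following is an added example, not code from ESET or the original article; it assumes an app inventory with label, package name, installer and requested permissions (for instance an MDM export), and the `com.example.*` package names and sample rows are constructed.

```python
# Added example: triage an app inventory for the "Play Services" masquerade.
# The inventory format and every sample row below are constructed.

GMS_PACKAGE = "com.google.android.gms"   # package name of the real Google Play services
PLAY_STORE = "com.android.vending"       # installer recorded for Play Store installs
SENSITIVE = {                            # data types the article says are exfiltrated
    "android.permission.READ_SMS": "SMS",
    "android.permission.READ_CONTACTS": "contacts",
    "android.permission.READ_EXTERNAL_STORAGE": "files",
}

SAMPLE_INVENTORY = [  # constructed rows
    {"label": "Google Play services", "package": GMS_PACKAGE,
     "installer": PLAY_STORE, "permissions": list(SENSITIVE)},
    {"label": "Play Services", "package": "com.example.plugin",  # hypothetical name
     "installer": None,                                          # sideloaded
     "permissions": list(SENSITIVE)},
    {"label": "Notes", "package": "com.example.notes",
     "installer": PLAY_STORE, "permissions": []},
]


def looks_like_play_services(label):
    """True when the visible label reads as 'Play Services' in any casing or spacing."""
    return "play services" in " ".join(label.casefold().split())


def triage(inventory):
    """Return (package, reasons) for apps that borrow the Play Services name."""
    findings = []
    for app in inventory:
        # The genuine package is allowed to carry the name; anything else is not.
        if not looks_like_play_services(app["label"]) or app["package"] == GMS_PACKAGE:
            continue
        reasons = ["label imitates Play Services under a different package"]
        if app.get("installer") != PLAY_STORE:
            reasons.append("not installed from the Play Store")
        data = sorted(SENSITIVE[p] for p in app.get("permissions", []) if p in SENSITIVE)
        if data:
            reasons.append("can read " + ", ".join(data))
        findings.append((app["package"], reasons))
    return findings


if __name__ == "__main__":
    for package, reasons in triage(SAMPLE_INVENTORY):
        print(package, "->", "; ".join(reasons))
```

Matching on the package name rather than the icon or label matters here because, as the article notes, tapping the fake icon opens the info screen of the real app.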

Signal is a popular and legitimate privacy-first chat application with roughly 70 million users worldwide. ToTok, on the other hand, has a more controversial history. The app was developed by a UAE company called G42, back in 2019. It offered free voice and video calls, positioning itself as an alternative to services like WhatsApp and Skype, which were restricted in the UAE.

However, ToTok was later removed from the Google Play Store and Apple’s App Store after investigations suggested it was being used as a surveillance tool by the UAE government, but it remains popular in the region.

Via BleepingComputer



Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.
