- Prospy and Tospy -Malware -Campaigns Faked Signal and Totok to Infect Android -Users
- Malware Exfiltrates SMS, contacts, files and disguises themselves as Google Play Services
- Apps spread through third -party stores; Users called for to stick to official app sources
Android users in the United Arab Emirates and the wider region are targeted by two malicious campaigns that falsified known chat apps, signal and totok, to distribute malware.
Security researchers at Eset said they started tracking the Prospy and Tospy campaigns in June 2025, but believe they could have started back in 2024.
The attackers created fake, non-existent signal encryption plugins and a pro version of the Totok app to trick users to download and run malware. Those who do not see the trick end up losing sensitive information as the campaign utilizes data ex -filtration.
How to remain safe
Once installed, Malware requests access to SMS messages, files and contact lists, which it then exfiltrates along with device information, backup files and a list of other installed apps.
The signal encryption plug also renames ‘Play Services’ at installation and changes its icon to avoid being discovered and removed. Tap on the icon also brings the info screen to a legitimate Google Play Service app.
Since these apps are distributed through third-party app stores and custom sites, the best way to remain in security is only downloading apps from reputable sources like the official Google Play Store and Apple App Store.
Signal is a popular and legitimate privacy first chat application of approx. 70 million users around the world. Totok, on the other hand, has a more controversial story. The app was developed by a UAE company called G42, back in 2019. It offered free voice and video calls and placed itself as an alternative to services such as WhatsApp and Skype, which were limited in UAE.
However, Totok was later removed from the Google Play Store, and the Apple App Store after investigations suggested it was used as a monitoring tool by the UAE government, but it remains popular in the region.
Via Bleeping computer
Follow Techradar on Google News and Add us as a preferred source To get our expert news, reviews and meaning in your feeds. Be sure to click the Follow button!
And of course you can too Follow Techradar at Tiktok For news, reviews, unboxings in video form and get regular updates from us at WhatsApp also.
