All news with #totok tag

Android spyware campaigns impersonate Signal and ToTok

🔒 Two newly identified Android spyware campaigns, dubbed ProSpy and ToSpy, impersonate Signal and ToTok to trick users into installing malicious APKs masquerading as a Signal encryption plugin or a Pro ToTok build. The malware requests standard messenger permissions and exfiltrates contacts, SMS, media, app lists and ToTok backups. ESET found distribution via cloned websites and noted persistence techniques to survive reboots. Users in the UAE appear to be targeted; download apps only from official stores or publishers and keep Play Protect enabled.

Android Spyware Posing as Signal Plugin and ToTok Pro

⚠️ Researchers at ESET have uncovered two Android spyware campaigns, ProSpy and ToSpy, that masquerade as a Signal encryption plugin and a ToTok Pro upgrade to target users in the U.A.E. Distributed via fake websites and social engineering, these apps require manual installation and request extensive permissions to persist and exfiltrate contacts, messages, media and device data. Users are advised to avoid installing apps from unofficial sources and to disable installations from unknown origins.

Android spyware targeting Signal and ToTok users in UAE

🔒 ESET researchers uncovered two previously undocumented Android spyware families—Android/Spy.ProSpy and Android/Spy.ToSpy—distributed via deceptive websites that impersonate Signal, ToTok and even app stores. Both families require manual APK installation from third‑party sites and maintain persistence while exfiltrating contacts, media, documents and chat backups. ToSpy notably seeks .ttkmbackup files and uses AES‑CBC encryption with a hardcoded key; several C&C servers remained active. Google Play Protect already blocks known variants, and ESET shared findings with Google.