ESET Research recently uncovered two previously undocumented Android spyware families targeting individuals interested in secure communication apps. The spyware families, named Android/Spy.ProSpy and Android/Spy.ToSpy, aim to exfiltrate sensitive data from compromised Android devices, including documents, media, files, contacts, and chat backups.
ProSpy, which impersonates both Signal and ToTok, is being distributed through deceptive websites and social engineering techniques. On the other hand, ToSpy targets ToTok users exclusively. These malware families have been detected in the UAE and are believed to be part of regionally focused operations with strategic delivery mechanisms.
The ProSpy campaign was initially discovered in June 2025 and appears to have been active since 2024. It is distributed through deceptive websites posing as upgrades or plugins for the Signal and ToTok apps. The use of domain names ending in ae.net suggests a focus on individuals residing in the UAE. The malware exfiltrates data such as device information, stored SMS messages, contact lists, chat backups, audio, video, and images.
In a separate investigation, ESET Research found the ToSpy campaign actively distributing spyware originating from a device in the UAE. This campaign targets ToTok users through deceptive websites impersonating the messaging app. The spyware collects and exfiltrates user contacts, device information, chat backups, images, documents, audio, and video.
Users are advised to exercise caution when downloading apps from unofficial sources and to avoid enabling installation from unknown origins. Installing apps or add-ons from unofficial sources, especially those claiming to enhance trusted services, can put users at risk of falling victim to spyware attacks.
For more detailed analysis and technical breakdowns of Android/Spy.ProSpy and Android/Spy.ToSpy, readers can refer to the latest ESET Research blog post. Stay updated with ESET Research on Twitter, Bluesky, and Mastodon for the latest news on cybersecurity threats.
ESET is a leading provider of cybersecurity solutions that prevent attacks before they occur. Combining AI and human expertise, ESET stays ahead of emerging global cyberthreats to secure businesses, critical infrastructure, and individuals. With a focus on endpoint, cloud, and mobile protection, ESET offers AI-native, cloud-first solutions for robust detection and response, secure encryption, and multifactor authentication. For more information, visit www.eset.com or follow ESET on social media, podcasts, and blogs.