New spyware campaigns target privacy-conscious Android users in the UAE

ESET researchers uncovered two ongoing Android spyware campaigns—ProSpy (impersonating Signal add-ons and ToTok Pro) and ToSpy (impersonating ToTok)—that distribute malicious APKs via phishing sites and fake app stores, primarily targeting users in the UAE; both families maintain persistence, exfiltrate contacts, SMS, media and app backups (including .ttkmbackup), use AES-encrypted HTTPS C2 channels, and have active C2/distribution domains and published IoCs.