ESET: viruses disguised as Signal and ToTok messengers to steal data.
Malicious actors have begun spreading viral programs disguised as popular messengers. This was noted by BleepingComputer.
ESET security specialists reported on spyware programs they named ProSpy and ToSpy. These dangerous applications, capable of reading data stored on the user's smartphone, are distributed via apk files on websites. According to experts, the malicious software "pretends" to be Signal and ToTok.
Signal is a popular messenger with end-to-end encryption, boasting over 100 million downloads on the App Store and Google Play. ToTok was developed in the UAE. Notably, in 2019, the messenger was removed from official app stores due to suspicions of ties with UAE authorities.
When launching programs infected with ProSpy and ToSpy, users are asked to grant access to their contact list, SMS, and files. According to ESET researchers, this is a standard request — all messengers do this. However, after activation, the malicious applications gain access to information about the smartphone, saved SMS, all files in the device's memory, and the list of installed applications.
"Android users are advised to download applications only from official or trusted repositories or directly from the developer's website," ESET concluded.
Leave a comment