Cybersecurity experts have uncovered two new spyware programs targeting Android devices. The malware, ProSpy and ToSpy, spread through fake Signal and ToTok apps. Infiltrating users’ devices through seemingly innocent add-ons and update files, the two spyware programs have been found to be particularly active in the Middle East.
The ProSpy campaign deceived users with a fake add-on disguised as Signal. Immediately after installation, the downloaded package requested permissions to access the device’s message logs, contact list, and files. Once the installation was complete, the malware began running in the background, stealing personal data and transmitting it to attacker-controlled servers.
Google Play Impersonated
The attackers employed deceptive methods to conceal the malware. The app imitated the Google Play Services icon on the home screen, appearing trustworthy to users. Tapping the icon opened the real Play Services window, preventing suspicion. This method allowed the malware to operate undetected on devices for extended periods.
ToSpy, on the other hand, spread through fake versions of ToTok. When users installed the app, they were asked for storage permission, and immediately afterward personal data (documents, photos, videos, and chat backups) was stolen and transferred to the attackers’ servers.
When the fake app was launched, the real ToTok app ran in the background. This made it difficult for victims to detect the fake software. If ToTok wasn’t installed on the device, users were directed to official stores and asked to download the app.
According to ESET’s analysis, the two campaigns were activated at different times. ToSpy was built on an infrastructure established in 2022, while ProSpy’s operations began in 2024. The results suggest that the attacks were carried out with long-term planning.
The spyware exploits Android’s system services to continue operating even after the device is restarted. It reactivates closed processes with AlarmManager and gains system priority by imitating previously running services, allowing it to run uninterrupted in the background and continue to steal personal data. It also ensures a persistent presence by automatically starting when the device is turned on.
Precautions and Warnings
Experts warn users about the dangers posed by fake apps. Android users should only download apps from official stores like the Google Play Store. Downloads from developers’ official websites are also considered safe.
Users are advised to keep Play Protect enabled, avoid installing APKs from unknown sources, and use security software when they notice suspicious activity on their devices. It is also emphasized that security policies must be strictly enforced on corporate devices.
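For corporate device fleets, the traits described above (a label that imitates Signal or Play Services, installation from outside Google Play, and data permissions combined with start at boot) can be combined into a triage check. The sketch below is an added example, not code from ESET or from the article; the inventory format (label, package, installer, system, perms) is a hypothetical export, and every sample row is constructed.

```python
# Added example: triage an app inventory for the traits the article describes.
# SAMPLE rows are constructed for illustration; they are not real indicators.
PLAY_STORE = "com.android.vending"   # installer package name of Google Play

# Brand text in a label -> the genuine package name. ToTok is omitted because
# the article gives no package name for it; add it from a trusted source.
GENUINE = {"signal": "org.thoughtcrime.securesms",
           "play services": "com.google.android.gms"}

P = "android.permission."
DATA_PERMS = {P + "READ_SMS", P + "READ_CONTACTS", P + "READ_EXTERNAL_STORAGE"}
BOOT_PERM = P + "RECEIVE_BOOT_COMPLETED"

def triage(app):
    """Return the reasons one inventory row deserves an analyst's attention."""
    reasons, label, perms = [], app["label"].lower(), set(app["perms"])
    for brand, package in GENUINE.items():
        if brand in label and app["package"] != package:
            reasons.append(f"label imitates {brand}")
    # Preinstalled system apps legitimately have no installer recorded.
    if not app.get("system") and app.get("installer") != PLAY_STORE:
        reasons.append("not installed from Google Play")
    if perms & DATA_PERMS and BOOT_PERM in perms:
        reasons.append("reads personal data and starts at boot")
    return reasons

def flagged(inventory, threshold=2):
    """Keep rows with several independent reasons; one alone is too noisy."""
    scored = {app["package"]: triage(app) for app in inventory}
    return {pkg: why for pkg, why in scored.items() if len(why) >= threshold}

SAMPLE = [
    {"label": "Signal", "package": "org.thoughtcrime.securesms",
     "installer": PLAY_STORE, "perms": [P + "READ_CONTACTS", BOOT_PERM]},
    {"label": "Google Play services", "package": "com.google.android.gms",
     "system": True, "installer": None, "perms": [P + "READ_SMS", BOOT_PERM]},
    {"label": "Signal Plugin", "package": "com.example.sigplugin",
     "installer": None,
     "perms": [P + "READ_SMS", P + "READ_CONTACTS", BOOT_PERM]},
    {"label": "Play Services", "package": "com.example.updater",
     "installer": None, "perms": [P + "READ_EXTERNAL_STORAGE", BOOT_PERM]},
    {"label": "Notes", "package": "com.example.notes",
     "installer": None, "perms": []},
]

if __name__ == "__main__":
    for package, reasons in flagged(SAMPLE).items():
        print(package, "->", "; ".join(reasons))
```

The genuine Signal and Google Play services rows each match only one reason and stay below the threshold, which is why the check requires at least two independent reasons before raising a row for review.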