Mastodawn

Indian-linked spyware targets MENA journalists

Researchers have uncovered a chilling spyware campaign linked to India that targeted journalists in the Middle East and North Africa, raising serious concerns about surveillance and freedom of the press. The operation, carried out by a suspected Indian government-connected group, used a potent spyware tool to secretly monitor the work of brave journalists exposing…

https://osintsights.com/indian-linked-spyware-targets-mena-journalists?utm_source=mastodon&utm_medium=social

#IndianSpyware #Prospy #Bitter #MiddleEast #NorthAfrica

Indian-linked spyware targets MENA journalists

Discover how Indian-linked spyware targets MENA journalists, threatening press freedom. Learn more about the hack-for-hire campaign and its global implications now.

OSINTSights

The Threat Codex 4d ago

Espionage for repression: hack-for-hire phishing campaign targets civil society in MENA
#ProSpy
https://www.accessnow.org/mena-phishing-2026/

Espionage for repression: hack-for-hire phishing campaign targets civil society in MENA - Access Now

A new investigation by Access Now’s Digital Security Helpline has exposed a hack-for-hire campaign targeting two prominent Egyptian journalists and government critics.

Access Now

TechNadu Oct 3, 2025

🚨 Android Spyware Alert: ProSpy & ToSpy
ESET has discovered Android spyware campaigns targeting Signal and ToTok users.

These malicious apps, distributed via fake websites, exfiltrate contacts, SMS, media, and device data.

⚠️ Do NOT install apps from unofficial sources! Stay vigilant.
💬 How can mobile users and organizations improve defenses against spyware? Discuss & follow @technadu for cybersecurity alerts.

#ProSpy #ToSpy #AndroidMalware #CyberSecurity #MobileSecurity #SpywareAlert #Privacy #Infosec #ThreatIntel

securityaffairs Oct 3, 2025

#ProSpy, #ToSpy #malware pose as #Signal and #ToTok to steal data in #UAE
https://securityaffairs.com/182907/uncategorized/prospy-tospy-malware-pose-as-signal-and-totok-to-steal-data-in-uae.html
#securityaffairs #hacking #malware

ProSpy, ToSpy malware pose as Signal and ToTok to steal data in UAE

Researchers uncovered two Android spyware campaigns, ProSpy and ToSpy, posing as Signal and ToTok in the UAE to steal data via fake sites.

Security Affairs

ESET Research Oct 2, 2025

#ESETResearch has identified two campaigns targeting Android users in the 🇦🇪. The campaigns, which are still ongoing, distribute previously undocumented spyware impersonating #Signal and #ToTok via deceptive websites. https://www.welivesecurity.com/en/eset-research/new-spyware-campaigns-target-privacy-conscious-android-users-uae/
The first campaign deployed Android #ProSpy camouflaged as upgrades or plugins for Signal and ToTok apps, named Signal Encryption Plugin or ToTok Pro.
Android #ToSpy, the spyware used in the other campaign, masquerades solely as the ToTok app. It is distributed through phishing websites impersonating app distribution platforms, such as the Samsung Galaxy Store.
After compromising their targets, both ProSpy and ToSpy exfiltrate data in the background, including documents, media, files, and contacts. ToSpy in particular also targets .ttkmbackup files, suggesting a focus on chat history and app data.
Despite similar objectives and techniques, ESET tracks the two campaigns separately due to differences in infrastructure and delivery. Users should avoid downloading apps or plugins from unofficial sources, especially those claiming to enhance trusted services.
IoCs available in our GitHub repo: https://github.com/eset/malware-ioc/tree/master/prospytospy