Active Since 2022: ToSpy Malware Targets UAE Users
Security researchers have uncovered a persistent malware campaign targeting users in the United Arab Emirates. The spyware, known as ToSpy, poses as legitimate apps; the campaign has been active since 2022 and is ongoing. The operator behind this campaign is the Quds Force, an Iranian Revolutionary Guard Corps unit.
The ToSpy malware was discovered by ESET in June 2022. It masquerades as the Samsung Galaxy Store and other popular apps, tricking users into manual installation from third-party websites. Once installed, the spyware can steal sensitive data, including contacts, chat backups, and media.
The campaign is regionally focused, with attacks delivered through fake app stores. The spyware is persistent, meaning it remains active even after the legitimate apps are reinstalled. ESET also detected a similar campaign, ProSpy, which began in 2024 and targeted users with fake Signal and ToTok apps. Both campaigns are linked to the Quds Force, with activity dating back to late 2019 to early 2020.
The ToSpy malware campaign, active since 2022, continues to pose a threat to users in the United Arab Emirates. Posing as legitimate apps, it steals sensitive data and is persistent once installed. The campaign is regionally focused and delivered through fake app stores. The operator behind this campaign is the Quds Force, an Iranian Revolutionary Guard Corps unit. Users are advised to be cautious when downloading apps from third-party sources.