ProSpy and ToSpy: the latest spyware threats disguised as messaging applications

Researchers from ESET have recently discovered two families of spyware, identified as ProSpy and ToSpy, that impersonate popular messaging applications, Signal and ToTok, apparently targeting residents of the United Arab Emirates. Experts revealed that these malware campaigns were detected in June, although they are believed to date back to early last year.

Be very careful with what you install on your mobile

ToTok, which had been widely criticized for being a spying tool of the UAE government, was discontinued in 2020 following an investigation by the New York Times. However, the spyware is presented as an improved version of that application, called ToTok Pro. When downloaded, the malware requests permissions to access contacts, text messages, and stored files, allowing it to leak sensitive information, including device data and multimedia content.

It is important to note that the infected applications were not available in the official app stores. Instead, manual installation from third-party sites that mimicked legitimate services was required. For example, one of these malicious sites imitated Samsung’s Galaxy Store, leading users to install fraudulent versions of the ToTok application.
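The pattern described above (an app installed from outside an official store that asks for contacts, text messages, and stored files) can be checked on a device you manage. The following is an added example, not code from ESET or the original article. It assumes you have saved the text output of `pm list packages -i -3` and `dumpsys package <pkg>` collected over adb; the trusted-installer list and all package names are illustrative assumptions.

```python
import re
# Assumption: installer package names treated as official stores.
TRUSTED_INSTALLERS = {"com.android.vending", "com.sec.android.app.samsungapps"}
# Permissions for the access the article lists: contacts, SMS, stored files.
SENSITIVE = {"android.permission.READ_CONTACTS": "contacts",
             "android.permission.READ_SMS": "sms",
             "android.permission.READ_EXTERNAL_STORAGE": "files"}

def parse_installers(pm_output):
    """Map package -> installer (None when no installer is recorded)."""
    pairs = re.findall(r"^package:(\S+)\s+installer=(\S+)", pm_output, re.M)
    return {pkg: (None if inst == "null" else inst) for pkg, inst in pairs}

def requested_permissions(dumpsys_text):
    """Names under 'requested permissions:' in `dumpsys package <pkg>` text."""
    perms, in_block = set(), False
    for line in dumpsys_text.splitlines():
        s = line.strip()
        if s == "requested permissions:":
            in_block = True
        elif in_block and s.endswith(":"):  # next section header ends the block
            in_block = False
        elif in_block and s:
            perms.add(s.split(":")[0])  # drop suffixes like ": restricted=true"
    return perms

def triage(pm_output, dumpsys_by_pkg):
    """Flag packages without a trusted installer that request sensitive access."""
    findings = []
    for pkg, installer in sorted(parse_installers(pm_output).items()):
        if installer in TRUSTED_INSTALLERS:
            continue
        perms = requested_permissions(dumpsys_by_pkg.get(pkg, ""))
        hits = sorted(SENSITIVE[p] for p in perms if p in SENSITIVE)
        if hits:
            findings.append((pkg, installer, hits))
    return findings

# Constructed sample data; package names are hypothetical.
PM_SAMPLE = ("package:com.example.chat  installer=com.android.vending\n"
             "package:com.example.messenger_pro  installer=null\n"
             "package:com.example.notes  installer=null\n")
P = "  android.permission."
DUMPSYS_SAMPLE = {
    "com.example.chat": f"requested permissions:\n{P}READ_CONTACTS\ninstall permissions:\n",
    "com.example.messenger_pro": f"requested permissions:\n{P}READ_CONTACTS\n{P}READ_SMS: restricted=true\n{P}READ_EXTERNAL_STORAGE\ninstall permissions:\n",
    "com.example.notes": f"requested permissions:\n{P}INTERNET\ninstall permissions:\n",
}
print(triage(PM_SAMPLE, DUMPSYS_SAMPLE))
```

A flagged package is a lead for review rather than a verdict, since legitimately sideloaded apps can request the same permissions.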

The confirmed detections of this spyware in the UAE, along with the use of phishing techniques and fake app stores, suggest that attackers are carrying out strategic operations focused on this region. This is not the first time a similar phenomenon has been observed: in the past, ESET has documented malware concealed in fake updates for apps such as WhatsApp and on sites that pretend to offer Telegram.

According to ESET’s research, since the popularity of the ToTok app was concentrated in the UAE, and considering the impersonation tactics used, it is reasonable to think that users in this region are the primary target of these spyware campaigns.

How to tell if your WhatsApp has spyware

How can I tell whether or not I was affected by the WhatsApp security breach?

After WhatsApp’s recent security breach, which led to personal data being compromised, users have been trying to figure out whether or not they were affected.

The first thing you can do is to update the app. However, the problem is that there is no concrete way of knowing whether you were affected by the breach.

The good news is that there are ways you might be able to tell if your device was compromised.

Look for signs of odd behavior

See if other programs are running slower than usual: Are YouTube videos not loading as quickly as they typically do? Is Instagram taking forever to refresh the page? Is that new app you’re downloading taking a small lifetime? These signs can mean that your phone is doing background tasks that are slowing down your phone.

Check your battery usage: If your battery power is depleting faster than normal, it might mean your device is sending and receiving lots of data.

Check to see if your phone is running hot: If your phone is hot to the touch, it might mean that it is sending and receiving data due to the spyware.

Just nip it in the bud with an antivirus app

If your phone has spyware or another virus, you typically can solve it with your standard antivirus app like Avira or Malwarebytes.

If you think you have spyware or a virus, antivirus apps can scan your phone and remove anything problematic. It’s a smart idea to check for a problem rather than waiting around to see if you have one.

What are the chances that I was affected?

The main target of the spyware attack was a human rights lawyer in London. The alleged spyware is called Pegasus and it was made by the Israeli cyber-intelligence organization called NSO Group.

We’re going to go out on a limb and say that you are probably not affiliated with either the Israeli intelligence organization or the human rights lawyer in London who is suing them.

That said, it is in your interest to use these best practices to regularly check for signs of spyware on your device. Although you probably weren’t compromised in this spyware attack, it doesn’t mean you won’t get caught up in a different one.