If you’re an Android user and recently downloaded a messaging app from somewhere other than the Play Store, it’s time to take a closer look. Two dangerous spyware apps are spreading fast, and they’re pretending to be trusted communication tools. Here’s what’s happening and how you can stay safe.
ProSpy and ToSpy Are Targeting Android Phones
Meet ProSpy and ToSpy, two pieces of advanced spyware that are far from ordinary malware. These sneaky programs are built to steal your personal data quietly, all while posing as legitimate messaging apps like Signal and ToTok.
If ToTok sounds familiar, that’s because it was removed from app stores back in 2019 after reports claimed it was being used for government surveillance. Now, cybercriminals are using its name to lure users into downloading fake versions.
According to cybersecurity firm ESET, these fake apps aren’t on Google Play or the App Store. Instead, they’re being shared through fake websites designed to look exactly like the official Signal or ToTok download pages.
How the Spyware Works
Once installed, these fake apps get right to work. ProSpy and ToSpy request permission to access sensitive data such as your contacts, text messages, saved files, and even app activity. All of this information is secretly sent to the attackers’ servers.
One particularly sneaky move is how ProSpy hides itself. After installation, it changes its icon to look like Google Play Services, so users don’t realize it’s there. Tap the icon, and it even opens a real Play Services screen to make the disguise more convincing.
ToSpy has its own trick. If the real ToTok app is already on your phone, it opens that app in the background to appear legitimate. If not, it redirects you to the Huawei AppGallery to download it, keeping up the illusion that everything’s normal.
Why These Threats Are So Hard to Remove
What makes ProSpy and ToSpy especially dangerous is how persistent they are. Even if you try to close or uninstall them, they can restart automatically or run as background services. They don’t just appear once and vanish; they stay hidden, constantly collecting data without your knowledge.
ESET reports that ProSpy attacks likely started last year, while ToSpy may have been active since 2022. Most victims so far have been in the United Arab Emirates, but security experts warn these tactics could easily spread worldwide.
How to Protect Yourself
The best way to avoid these spyware traps is simple: only download apps from official app stores. It might be tempting to grab a “premium” version from a quick online search, but sideloading apps from unofficial sources is one of the easiest ways to get infected.
Always double-check the website you’re downloading from. Look closely at the URL, do a quick Google search for verification, and trust your instincts. If something feels off, it probably is.
Experts also recommend keeping your phone’s operating system updated and enabling Google Play Protect, which scans for and blocks suspicious apps before they can cause harm.
In today’s world, spyware is getting smarter every day. Staying safe isn’t about being paranoid; it’s about being cautious. Think before you tap “Download,” and keep your digital world secure.
ALSO READ: Laptop Battery Myths: Should You Keep It Plugged In?
