■■■■□ 🚨🇦🇪New Spyware Samples Spread in UAE
On 13 March 2026, an APK file named Totok_pro_v2.8.8.10118.apk was uploaded to multiple sandbox platforms, originating from the UAE. It impersonates the legitimate (but controversial) messenger app ToTok.
This appears to be a newer variant in the ongoing ToTok&Signal impersonation spyware campaigns targeting privacy-conscious Android users in the UAE and GCC region. Earlier variants of ProSpy&ToSpy families were documented by ESET in October 2025, with ProSpy discovered around June 2025 and ToSpy activity dating back to mid-2022. New samples indicate the operation continues, though without major technical sophistication.
https://x.com/PURPLE_CYBINT/status/2033378346063614084?s=20