Skip to content
  • Home
  • Cyber Map
  • About Us – Contact
  • Disclaimer
  • Terms and Rules
  • Privacy Policy
Cyber Web Spider Blog – News

Cyber Web Spider Blog – News

Globe Threat Map provides a real-time, interactive 3D visualization of global cyber threats. Monitor DDoS attacks, malware, and hacking attempts with geo-located arcs on a rotating globe. Stay informed with live logs and archive stats.

  • Home
  • Cyber Map
  • Cyber Security News
  • Security Week News
  • The Hacker News
  • How To?
  • Toggle search form
Espionage Campaign Uses Fake Messaging Apps to Spread Spyware

Espionage Campaign Uses Fake Messaging Apps to Spread Spyware

Posted on April 10, 2026 By CWS

A covert espionage operation has been active across the Middle East since 2022, employing counterfeit versions of trusted messaging apps to infiltrate Android devices with a spyware known as ProSpy. This malicious software masquerades as legitimate apps like Signal, ToTok, and Botim, frequently used by journalists and activists for secure communication.

Discovery of the Espionage Campaign

The espionage activities came to light in August 2025 when Access Now’s Digital Security Helpline started probing a surge of phishing attacks targeting Egyptian journalists and opposition figures. Their investigation unveiled Android malware linked to these attacks, prompting further exploration into its origins.

This inquiry exposed a wider espionage network affecting several countries, including Egypt, Bahrain, the UAE, Saudi Arabia, Lebanon, and even extending to the UK and potentially the US.

Connections to BITTER APT

Analysts from Lookout Threat Intelligence identified this campaign as a probable hack-for-hire scheme connected to BITTER APT (T-APT-17), a group suspected of ties to the Indian government. Researchers obtained 11 ProSpy samples, the earliest from August 2024, and tracked the malware’s infrastructure across numerous servers and fake websites.

There is moderate confidence that BITTER APT, or an affiliated organization, was contracted to perform surveillance on civil society in the MENA region, marking a novel instance of BITTER-linked activities targeting this demographic.

Mechanisms of ProSpy Deployment

ProSpy’s dissemination follows a calculated two-phase strategy. Initially, attackers construct fake identities on social media or messaging platforms to engage with targets. Once trust is established, a spearphishing link is sent, directing Android users to a site hosting a malicious APK disguised as a legitimate messaging app.

In one case, users were baited with an invitation to a secure video call. Clicking the link redirected them to a site mimicking a ToTok app update, resulting in an automatic download of the spyware. These sites were available in both English and Arabic, underscoring the attackers’ focus on Arabic-speaking users. Similar sites were crafted for Signal and Botim.

Protective Measures and Recommendations

Civil society members, especially in the Middle East, should refrain from downloading apps outside official stores and remain wary of dubious links, even from trusted contacts. Organizations aiding vulnerable individuals are advised to promote mobile threat detection tools and educate users on the risks of unverified app installations.

Any unusual app requests or unexpected device behavior post-installation should raise immediate concerns and prompt a thorough review.

Cyber Security News Tags:Android malware, BITTER APT, Cybersecurity, Espionage, Middle East, mobile security, phishing attacks, ProSpy, secure messaging, Spyware

Post navigation

Previous Post: France Adopts Linux for Government Workstations
Next Post: AI API Routers: Security Risks and Data Theft Concerns

Related Posts

Critical Teleport Vulnerability Let Attackers Remotely Bypass Authentication Controls Critical Teleport Vulnerability Let Attackers Remotely Bypass Authentication Controls Cyber Security News
See Cyber Threats to Your Industry and Region in Just 2 Seconds See Cyber Threats to Your Industry and Region in Just 2 Seconds Cyber Security News
European Commission Thwarts Cyber-Attack on Mobile Data European Commission Thwarts Cyber-Attack on Mobile Data Cyber Security News
Azure Identity Token Vulnerability Enables Tenant-Wide Compromise in Windows Admin Center Azure Identity Token Vulnerability Enables Tenant-Wide Compromise in Windows Admin Center Cyber Security News
MCPTotal Launches to Power Secure Enterprise MCP Workflows MCPTotal Launches to Power Secure Enterprise MCP Workflows Cyber Security News
Fortinet Alerts on Credential Attack Targeting FortiGate Fortinet Alerts on Credential Attack Targeting FortiGate Cyber Security News

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Recent Posts

  • FastNetMon Unveils Netomics for Enhanced Routing Control
  • Hackers Exploit Fake Microsoft Passkey Enrollment for Attacks
  • Top Unified Threat Management Solutions in 2026
  • Study Reveals Security Flaws in Free Android VPN Apps
  • WhatsApp Exploit Turns OpenClaw into Hacker Tool

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Archives

  • July 2026
  • June 2026
  • May 2026
  • April 2026
  • March 2026
  • February 2026
  • January 2026
  • December 2025
  • November 2025
  • October 2025
  • September 2025
  • August 2025
  • July 2025
  • June 2025
  • May 2025

Recent Posts

  • FastNetMon Unveils Netomics for Enhanced Routing Control
  • Hackers Exploit Fake Microsoft Passkey Enrollment for Attacks
  • Top Unified Threat Management Solutions in 2026
  • Study Reveals Security Flaws in Free Android VPN Apps
  • WhatsApp Exploit Turns OpenClaw into Hacker Tool

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Copyright © 2026 Cyber Web Spider Blog – News.

Powered by PressBook Masonry Dark