surveillance tool Archives

AppWizard

November 29, 2025

‘I don’t trust it’: Russians sceptical about state-backed messenger MAX

MAX is a new messaging platform launched by VK in Moscow, designed to consolidate various services and mandated by Russian authorities to be included in all new smartphones and tablets starting September 1. This move coincides with a ban on calls from foreign messaging apps like WhatsApp and Telegram. MAX is promoted as a secure alternative to foreign apps, but lacks end-to-end encryption, raising privacy concerns. The Russian media regulator, Roskomnadzor, announced plans to consider a complete ban on WhatsApp, which has nearly 100 million users in Russia, citing its role in facilitating criminal activity. Public sentiment is mixed, with some individuals expressing distrust towards MAX while others seem unconcerned about the transition to it or other messaging alternatives.

AppWizard

November 17, 2025

‘Unremovable Israeli spyware’ on your Samsung phone? Here’s what the controversy is all about

Samsung is facing controversy over a pre-installed application called AppCloud on its budget devices, particularly in the Galaxy A, M, and F series. AppCloud recommends popular third-party applications during setup or updates, but many users consider it bloatware due to its inability to be uninstalled. The app is associated with ironSource, a company owned by Unity, which has raised concerns about potential data harvesting and surveillance, particularly in regions like Africa, the Middle East, and India. A social media post characterized AppCloud as “unremovable Israeli spyware,” referencing an analysis by the digital rights organization SMEX. The app operates with system app permissions, complicating removal for average users. IronSource has a history of bundling applications that have been criticized for monetization without user consent. While claims about AppCloud's spying capabilities are unverified, the app's presence and removal difficulties have unsettled users, leading to speculation that Samsung may eventually allow users to uninstall or disable it.

Tech Optimizer

October 7, 2025

New Fully Undetectable FUD Android RAT Discovered and Publicly Released for Download on GitHub

A new Android Remote Access Trojan (RAT) has appeared on GitHub, described as fully undetectable and capable of bypassing advanced permission and background process restrictions in customized Chinese ROMs like MIUI and EMUI. This malware utilizes a multi-layer dropper to integrate its payload within legitimate applications, allowing it to overcome autostart restrictions and battery optimization features. Upon installation, it escalates privileges to gain comprehensive access to the device, using AES-128-CBC encryption for command-and-control communication to evade detection. The RAT can record and delete call logs, intercept voice calls, manipulate SMS messages, and capture keystrokes through a keylogger. It also has capabilities for live screen captures, camera access, audio and video recording, and clipboard hijacking. Additionally, it can encrypt files and lock the device, demanding a ransom for access. The malware employs social engineering tactics, such as spoofed notifications and phishing prompts, to facilitate credential theft. Its persistence mechanisms allow it to operate with minimal resource usage, making detection difficult. The attacker interface is web-based, enabling control from any standard browser without specialized infrastructure. The public release of this RAT raises concerns about the misuse of open-source repositories for distributing malicious tools, prompting calls for stricter oversight on platforms like GitHub.

AppWizard

October 2, 2025

Android spyware disguised as legitimate messaging apps targets UAE victims, researchers reveal

Cybersecurity researchers have discovered two families of Android spyware that impersonate messaging applications Signal and ToTok, linked to campaigns named ProSpy and ToSpy. ToTok was discontinued in 2020 after being identified as a surveillance tool for the UAE government, but the spyware is disguised as an enhanced version called ToTok Pro. The spyware requests extensive permissions upon installation and exfiltrates sensitive data. It was distributed through third-party websites posing as legitimate services, with confirmed detections in the UAE, indicating a targeted operation. The spyware campaigns primarily aim at privacy-conscious residents in the UAE, as suggested by the domain name ending in “ae.net.”

AppWizard

October 2, 2025

Warning: Beware of Android Spyware Disguised as Signal Encryption Plugin and ToTok Pro

Cybersecurity researchers have identified two Android spyware campaigns, ProSpy and ToSpy, targeting users in the United Arab Emirates by impersonating popular applications like Signal and ToTok. These malicious applications are distributed through deceptive websites and social engineering tactics, requiring manual installation from third-party sites. The ProSpy campaign, active since 2024, uses misleading sites to host compromised APK files marketed as upgrades to Signal and ToTok. The ToSpy campaign, initiated around June 30, 2022, also employs counterfeit sites to deliver malware. Both spyware variants aim to steal sensitive data, including contacts, SMS messages, and files. The ProSpy app, ToTok Pro, contains a button that redirects users to the legitimate ToTok download page, while the Signal Encryption Plugin misleads users into downloading the genuine app. Both spyware types exfiltrate data before user interaction and maintain persistence through a foreground service and Android's AlarmManager. ESET is tracking these campaigns separately due to their different delivery methods, and the identities of those behind the activities remain unknown. Users are advised to be cautious when downloading apps from unofficial sources.

AppWizard

September 12, 2025

Meet Max, Russia’s all-in-one app: From messages to spying on Russians

The Russian messaging application Max was first tested in March 2025 and is developed by Communication Platform LLC, a subsidiary of VK. It is marketed as a "national" and "unified" messenger, with significant promotion from the Kremlin. A law signed by President Vladimir Putin in June 2025 established Max as a state-owned entity, mandating its use in school chats and pre-installation on smartphones. Mobile operators are required to offer Max without consuming data traffic. Users in occupied Ukrainian territories are also required to install the app. Restrictions on other messaging services have been implemented, with security services limiting their functionalities. By mid-August 2025, Max had around 18 million users, but it has faced criticism for lacking end-to-end encryption and requesting excessive access to smartphone features. Users have reported performance issues and concerns over surveillance by the Russian government. The Kremlin has acknowledged monitoring through Max, and the app is compared to China's WeChat. Putin has ordered increased control over foreign messaging applications, aiming to restrict the use of foreign software by September 2025.