December 23, 2019

ToTok

Platform(s) Affected
iOS
Platform(s) Affected
Android
Threat Type
Surveillanceware
Entry Type
Security Guidance
Threat Type
Malware
Platform(s) Affected
iOS
Android
Surveillanceware
Security Guidance
Malware

Lookout Recommendation for Admins

Lookout Mobile Endpoint Security enables admins to create more than 55 custom app security policies, allowing organizations to easily create security policies that block the use of apps exhibiting specific behaviors. To prevent users from being exposed to surveillanceware programs like ToTok, Lookout admins can implement a custom app policy to identify and blacklist new, unfamiliar apps that request a significant number of permissions.

Overview

Open-source security group Objective-See discovered a massively popular mobile chat app for iOS and Android that was built by the United Arab Emirates to “track every conversation, movement, relationship, appointment, sound and image of those who install it on their phones.” Built on top of Chinese chat app YeeCall, the app didn’t break Apple or Google developer guidelines, asking only permissions available to most developers. That said, the app enables broad surveillance of millions of users around the world.

Heavy governmental restrictions on apps like Skype and WhatsApp, drove mobile users in the UAE to download ToTok, which conveniently was both free and more reliable. With unlimited voice and video calling, as well as secure messaging, it was incredibly attractive to millions of Emiratis, and most recently millions of users outside the UAE.

How Does it Work?

ToTok asked for permission to access the microphone, calendar, location, photos, contacts, Siri integration, and camera, which all seemed legitimate since they mirror the permissions of popular chat apps. This demonstrates a new direction for surveillance programs. The app explicitly asks for permissions, but doesn't abuse these permissions, instead it relies on organic user activity in order to achieve their surveillance goals. Using permissions available to iOS and Android developers, ToTok is a good example of how threat actors can leverage mobile devices for unrivaled surveillance programs.

Lookout Recommendation for Admins

Lookout Mobile Endpoint Security enables admins to create more than 55 custom app security policies, allowing organizations to easily create security policies that block the use of apps exhibiting specific behaviors. To prevent users from being exposed to surveillanceware programs like ToTok, Lookout admins can implement a custom app policy to identify and blacklist new, unfamiliar apps that request a significant number of permissions.

Colleagues standing in an open meeting area and sharing a humorous moment

Stop Cyberattacks Before They Start With Industry-Leading Threat Intelligence.

Other Related Threats

New

September 15, 2023

Scattered Spider

Scattered Spider, aka UNC3944, was able to successfully target and gain access to the infrastructure of Caesars Entertainment in its latest campaign

September 19, 2023

CVE-2023-4863

September 18, 2023

ASPL 2023-09-01 / CVE-2023-35674