WhatsApp alerts hundreds of users targeted by spyware in fake app scheme

WhatsApp has notified around 200 users, the majority based in Italy, who were targeted by a sophisticated spyware operation involving a fake version of its messaging application. The malicious software was developed by the Italian surveillance technology company SIO, according to an official announcement from WhatsApp shared with TechCrunch.

The company's security team proactively identified the affected users who had downloaded the unofficial, counterfeit iOS app. WhatsApp has since logged those users out of the service, alerted them to the privacy and security risks, and urged them to remove the malicious client and install the official application.

Legal Action and Spyware Details

In its statement, WhatsApp said it plans to "send a formal legal demand to stop any such malicious activity to this spyware firm." The company's spokesperson, Margarita Franklin, emphasised that protecting the users who may have been tricked was the priority, though further details about the victims, such as whether they were journalists or civil society members, were not disclosed.

The spyware, identified in its code as "Spyrtacus," was embedded within a fake WhatsApp client. This tactic mirrors previous operations where SIO created malicious Android apps, including counterfeit customer support tools for mobile providers, to deliver its surveillance software.

A Persistent Surveillance Tactic

The use of fake applications is a well-established method used by authorities in Italy, who often collaborate with telecommunications providers. These providers send phishing links to customers on behalf of law enforcement agencies to facilitate the installation of surveillance tools.

SIO develops its government-grade spyware through its subsidiary, ASIGINT. Neither SIO nor Apple responded to requests for comment from TechCrunch regarding the incident.

This latest notification campaign follows a similar action taken by WhatsApp a year prior, when it alerted approximately 90 users they had been targeted by spyware from the U.S.-Israeli firm Paragon Solutions. That earlier case, which involved journalists and pro-immigration activists, sparked a significant scandal in Italy, leading Paragon to sever ties with its Italian intelligence agency clients.