Here’s one more reason to double-check before you tap ‘Install’: WhatsApp’s parent company, Meta, has confirmed that approximately 200 iPhone users—mainly in Italy—were quietly targeted in a spyware campaign through a fake version of the app. Even the App Store can’t always guarantee your security.
A Fake WhatsApp App on iPhone: What Happened?
WhatsApp reported that it had notified around 200 users, mostly in Italy, after detecting that they had installed a fraudulent version of the messaging app on their iPhones. This unofficial app contained spyware designed to monitor affected users without their knowledge.
According to a statement provided to TechCrunch, Meta said its security teams proactively uncovered the campaign. Accounts suspected of being compromised were disconnected, and those users warned about potential threats to their personal data. WhatsApp urged affected individuals to delete the malicious app and to reinstall the official version from the legitimate app store.
Who Was Behind the Spyware?
WhatsApp attributed this operation to the Italian company SIO, known for developing surveillance technology, and its subsidiary ASIGINT. SIO already had a reputation for creating spyware intended for government entities. Back in 2025, researchers had identified several fake Android applications carrying spyware called “Spyrtacus.” WhatsApp stated it was planning to send a cease-and-desist letter in an attempt to halt these activities.
How Was the Fake App Distributed?
At this point, WhatsApp has not disclosed details about the profile of the affected users. The company said its overriding aim is to protect any potentially compromised accounts.
The exact method by which the fraudulent app was spread remains unclear. While it is sometimes possible to install apps outside the App Store on iPhones in specific circumstances, reports suggest the operation relied heavily on deception to convince users to install the unofficial and spyware-infected WhatsApp.
Using fake applications is a known tactic in targeted surveillance campaigns, preying on users’ willingness to download software outside of trusted, official platforms.
A Broader Surge in Messaging App Attacks
This incident reflects a wider increase in attacks on messaging platforms. A bulletin released on March 20 by the French Cyber Crisis Coordination Center (C4) warned about a series of attacks targeting the accounts of public officials and senior professionals. The aim: to gain access to sensitive communications, steal contacts, and impersonate high-profile victims.
Such attacks often involve social engineering tactics such as intercepting codes or fraudulently associating a new device with a victim’s account. Signal has reportedly been a frequent target, but all mainstream messaging services—including WhatsApp—are considered at risk.
Editor’s note: The source text also mentioned stereotypes about the nuclear sector and a company called Assystem, but this is unrelated to the WhatsApp spyware campaign.
