A Spy App Masquerading as WhatsApp
A fake version of WhatsApp, reportedly created by the Italian surveillance firm SIO, infected the iPhones of about 200 people. Meta, the parent company of WhatsApp, recently warned these users about this fake, espionage-focused version.
Most of the affected users were located in Italy, and had installed this fraudulent app on their iPhones. SIO describes itself as a provider of surveillance solutions for law enforcement and intelligence agencies. Meta clarified that it was not the developer and took action to notify those at risk.
“Our security team proactively identified around 200 users, mainly in Italy, who may have downloaded this unofficial malicious client. We logged them out, warned them of the privacy and security risks tied to downloading fake unofficial clients, and encouraged them to delete it and download the official WhatsApp app,” WhatsApp said in a statement.
Targeted Attacks and Ongoing Secrecy
Meta called the attack “highly targeted.” Margarita Franklin, a WhatsApp spokesperson, said that at this time, it is not possible to elaborate on the specific individuals targeted. WhatsApp has not disclosed whether journalists or other public figures beyond government or private business circles were affected. For now, questions remain over who exactly was in the crosshairs.
Meta Pushes Back Against Spyware
In response, Meta announced plans to send a formal cease and desist letter to SIO in an effort to halt these malicious activities. This legal measure follows previous moves by Meta to combat spyware vendors, including court cases in the US against NSO Group, the company behind Pegasus.
SIO’s History With Invasive Spyware
Security experts have previously identified SIO as the origin of a series of malicious Android apps hiding spyware named Spyrtacus. This invasive software, which surfaced in 2018, was engineered to steal SMS messages, conversations from WhatsApp, Signal, and Facebook Messenger, record calls, activate microphones and cameras, and extract contacts. Notably, the Android versions were disguised as official carrier apps from companies such as TIM, Vodafone, and WINDTRE.
A year before the current incident, WhatsApp warned 90 Italian users they had been targeted with another spyware tool, Graphite. This malware, developed by Israeli-American firm Paragon Solutions, had reportedly been used by Italian authorities to monitor journalists and pro-immigration activists. After public backlash, Paragon ended its contracts with Italian intelligence agencies.
Surveillance Tactics and the Use of Fake Apps in Italy
Research from Lookout and Google indicates that deploying fake apps for surveillance is a common tactic in Italy. Authorities there have worked with telecom operators to send phishing links to select subscribers, luring them into downloading spyware-infected tools. These methods let police gather information about targeted individuals—all under the guise of ordinary smartphone activity.
