Back

Italian Spyware Firm Targets WhatsApp Users with Fake App

Severity: High (Score: 71.2)

Sources: Gadgetreview, Socialsamosa, Tech.Yahoo, Digitaltrends, Ground.News

Summary

WhatsApp has alerted approximately 200 users, primarily in Italy, about a malicious version of its app that contained spyware developed by the Italian firm SIO. The fake app was distributed through deceptive means, tricking users into downloading it instead of the official version. WhatsApp's security team identified the affected users, logged them out of their accounts, and advised them to uninstall the counterfeit app. The spyware, named Spyrtacus, is designed to steal sensitive information from users' devices. This incident marks the second significant spyware exposure involving WhatsApp in 15 months, following a previous incident with Paragon Solutions. WhatsApp plans to take legal action against SIO to halt its malicious activities. The attack highlights the growing sophistication of social engineering tactics used by spyware vendors. Users are urged to only download applications from official sources to avoid similar threats. Key Points: • Approximately 200 users in Italy were targeted by a fake WhatsApp app containing spyware. • The spyware, identified as Spyrtacus, is designed to steal sensitive information from devices. • WhatsApp plans to take legal action against the Italian firm SIO responsible for the attack.

Key Entities

  • SIO (company)
  • Asigint (company)
  • Meta Platforms (company)
  • Paragon Solutions (company)
  • SIO/Asigint (company)
  • Malware (attack_type)
  • Phishing (attack_type)
  • Trojan (attack_type)
  • Paragon (tool)
  • WhatsApp (platform)
  • Android (platform)
  • Apple App Store (platform)
  • App Store (platform)
  • Google Play (platform)
  • India (country)
  • Israel (country)
  • Italy (country)
  • digitalsiber.id (domain)
  • htdigital.in (domain)
  • investing.com (domain)
  • news.az (domain)
  • Asigint-Sio (malware)
  • Graphite (malware)
  • Pegasus (malware)
  • Spyrtacus (malware)
  • T1056 - Input Capture (mitre_attack)
  • T1204 - User Execution (mitre_attack)
  • T1566.002 - Spearphishing Link (mitre_attack)
  • T1566 - Phishing (mitre_attack)
Loading threat details...

Threat Not Found

The threat cluster you're looking for doesn't exist or has been removed.

Return to Feed