WhatsApp Users Targeted by Italian Spyware in Fake App Incident

Severity: High (Score: 71.2)

Sources: Tech.Yahoo, Ground.News, Thenextweb, Timesnownews, Uk.Investing

Summary

WhatsApp has alerted approximately 200 users, primarily in Italy, that they were deceived into downloading a counterfeit version of its app containing government spyware. The fake application was developed by SIO, an Italian surveillance firm, through its subsidiary ASIGINT. This incident marks a significant escalation in state-sponsored surveillance tactics, as the malware, named Spyrtacus, was embedded in an app designed to mimic WhatsApp. Victims were logged out of their accounts and warned about potential privacy risks. This is the second known incident involving spyware targeting WhatsApp users in Italy within 15 months, following a previous case involving Paragon Solutions. The spyware can access sensitive data, including text messages and call logs, and is distributed via deceptive methods, often bypassing official app stores. WhatsApp plans to take legal action against SIO to prevent further malicious activities. Key Points: • Approximately 200 users in Italy were tricked into installing a fake WhatsApp app. • The counterfeit app contained spyware named Spyrtacus developed by Italian firm SIO. • This incident follows a previous spyware exposure involving Paragon Solutions in early 2025.

Key Entities

• Malware (attack_type)
• Phishing (attack_type)
• Trojan (attack_type)
• Asigint (company)
• Meta Platforms (company)
• Paragon Solutions (company)
• SIO (company)
• Sio Spa (company)
• Paragon (tool)
• WhatsApp (platform)
• Android (platform)
• Apple App Store (platform)
• Google Play Store (platform)
• IOS (platform)
• Israel (country)
• Italy (country)
• investing.com (domain)
• news.az (domain)
• Asigint-Sio (malware)
• Graphite (malware)
• Pegasus (malware)
• Spyrtacus (malware)
• T1204 - User Execution (mitre_attack)
• T1566.002 - Spearphishing Link (mitre_attack)
• T1566 - Phishing (mitre_attack)