WhatsApp Security Alert: Fake App with Spyware Affects Hundreds of Users in Italy

Security Alert: WhatsApp Detects Spyware on iPhones

WhatsApp, the widely used messaging platform, has issued a significant security alert after identifying that approximately 200 of its users were tricked into downloading a malicious, fake version of its application. This fraudulent app, specifically designed for iOS devices (iPhones), aimed to install spyware, thereby compromising the privacy and security of those affected. The majority of the victims are located in Italy, once again highlighting the persistent nature of cyber threats targeting users of popular digital platforms.

WhatsApp's Proactive Response and Legal Actions

In response to this serious situation, WhatsApp's security team acted proactively. According to a statement shared with TechCrunch, the company not only identified the affected users but also proceeded to terminate their sessions to mitigate risks, alerted them about the inherent dangers of downloading unofficial clients, and strongly recommended immediate uninstallation of the fake app, advising them to download the official version. Margarita Franklin, a WhatsApp spokesperson, emphasized that the company's priority has been to protect its users. While she could not disclose whether journalists or civil society members were among the affected, the company has announced its intention to file a formal legal complaint against the responsible spyware company to halt any future malicious activities of this kind. This incident was initially reported by Italian media outlets such as La Repubblica and ANSA, which highlighted WhatsApp's swift reaction.

SIO: The Italian Manufacturer Behind Spyrtacus Spyware

The Italian spyware manufacturer SIO has been directly identified as responsible for creating this unofficial and malicious WhatsApp version for iOS. This is not the first time SIO has been at the center of a cybersecurity controversy. Last year, a TechCrunch investigation had already linked SIO to the development of a series of malicious applications targeting Android devices. Among these, fake WhatsApp versions and fraudulent customer service tools mimicking telecommunication operators were detected. The spyware used in these campaigns, identified in the code as "Spyrtacus," has previously been employed in surveillance and espionage operations, demonstrating the sophistication and malicious intent behind their creations.

Context of Surveillance and Government Collaboration in Italy

SIO's business model is particularly revealing: the company develops spyware for government agencies through its subsidiary, ASIGINT. This context is crucial, as in Italy, the use of fake applications as a surveillance tactic is a common practice. Often, these operations are carried out with the collaboration of mobile phone providers, who facilitate the sending of phishing links to specific users, disguised as legitimate communications from law enforcement agencies. This dynamic creates a significant risk environment for citizens' privacy, where the line between national security and indiscriminate surveillance can become blurred.

Precedents of Espionage on WhatsApp and the Fight for Privacy

This recent incident is not an isolated event in WhatsApp's history. It occurs just a year after the company alerted approximately 90 users about a similar attack, this time involving spyware manufactured by the US-Israeli firm Paragon Solutions. On that occasion, the victims included journalists and pro-immigration activists, leading to an international scandal that prompted Paragon to sever ties with the involved Italian intelligence agencies. These recurring attacks underscore the constant battle that platforms like WhatsApp face against malicious actors, whether private companies or government entities, who seek to exploit vulnerabilities to access sensitive information. Protecting user privacy remains a critical challenge in the global digital ecosystem.