WhatsApp has reported a spyware attack via a fake app
This is stated in a statement from WhatsApp, which the company provided to TechCrunch.
WhatsApp stated that its security team proactively identified around 200 users who had likely downloaded a malicious unofficial client. All of them were logged out of their accounts, warned about the risks to privacy and security, and urged to delete the fake app and install the official version of WhatsApp from a trusted source.
The company emphasised that the campaign was “highly targeted” and based on deceiving users. According to Reuters, WhatsApp links this attack to ASIGINT – a subsidiary of the Italian company SIO, which develops surveillance tools for government clients.
What is known about the attack
WhatsApp spokesperson Margarita Franklin stated that the company is not yet disclosing who exactly was affected, in particular whether journalists or civil society representatives were among them. She said the company’s priority was to quickly protect users who might have installed the fake iOS app.
WhatsApp also stated that it intends to send this spyware company a formal legal notice demanding that it cease such activities. Meanwhile, Reuters notes that SIO did not immediately respond to a request for comment, and the Italian Ministry of the Interior referred the matter to the police.
TechCrunch previously reported that SIO had already been linked to spyware Android apps, including fake versions of WhatsApp. This spyware was identified under the name Spyrtacus.
This is the second public incident in less than a year and a half in which Meta has reported spyware activity in Italy. In early 2025, WhatsApp warned around 90 users about another attack using Paragon Solutions spyware, which caused a stir in the country.
