WhatsApp has alerted approximately 200 users, primarily in Italy, who unknowingly downloaded a malicious fake version of the messaging app. The app was created by SIO, an Italian spyware maker, and contained surveillance tools designed to compromise user privacy and security.
Fake App Deployed by Government Spyware Maker
The company identified the fraudulent application and took action by logging affected users out of their accounts. Those notified were warned about the risks associated with unofficial clients and encouraged to download the legitimate WhatsApp app. WhatsApp spokesperson Margarita Franklin stated that the company cannot disclose further details about the targeted users, such as whether they were journalists or civil society members.
Established Surveillance Tactics
This incident is not isolated; authorities in Italy have a history of using fake apps to conduct surveillance. Cellphone providers sometimes collaborate by sending phishing links to customers at the request of law enforcement. SIO operates through its subsidiary ASIGINT, developing government spyware under the name Spyrtacus, as revealed in previous investigations by TechCrunch.
Previous Incidents and Legal Action
Last year, WhatsApp previously alerted 90 users targeted by spyware made by Paragon Solutions, another surveillance tech firm. The affected users included journalists and pro-immigration activists. In response to the latest breach, WhatsApp plans to pursue legal action against SIO to halt further malicious activity.
The incident underscores the ongoing threat of government-backed surveillance via deceptive software distribution. Neither Apple nor SIO has yet responded to requests for comment, highlighting the lack of transparency surrounding these operations.
This demonstrates how easily users can be compromised through fake apps, especially when governments and private firms collaborate to bypass security measures.
