Technology · Apr 2, 2026 · 2 min read

A Malware Imitated WhatsApp and Spied on 200 Italians: Meta Alerts Users

Meta has lifted the veil on a new targeted surveillance operation involving the Italian company SIO, based in Cantù, and its subsidiary Asigint. At the center of the investigation conducted by the WhatsApp security team is the dissemination of a counterfeit client, designed to closely resemble the interface of the famous app but with the goal of infecting devices with the malware Spyrtacus. About 200 users, most of whom reside in Italy, received an alert notification directly from Meta after being deceived into installing unofficial software on their smartphones, including iPhones.

The attack does not exploit "zero-day" vulnerabilities or intrinsic flaws in WhatsApp's code but relies entirely on social engineering techniques. Users are contacted via phishing links that imitate official communications from telecom operators or system notifications urging an immediate application update. Once the user consents to the sideloading of the malicious app, Spyrtacus gains complete access to messages, call history, microphone, and camera, operating silently in the background.

The SIO-Asigint Case: When Spyware Masquerades as an Official Chat

Analysis of the samples found shows that Spyrtacus is not a recent threat. Traces of the code date back to 2019, with a continuous evolution that has led the spyware to expand from the Android ecosystem to iOS. The peculiarity of this tool lies in its operational model: SIO acts as a supplier for government agencies and intelligence services, providing cyber-intelligence solutions at extremely low costs. The technology of the "computer bug" is therefore accessible not only to national law enforcement but also to local police commands for routine investigations.

In Italy, the regulatory framework allows the use of these state trojans under judicial authorization, but the case raised by Meta highlights the risks associated with the distribution chain. Often, network providers cooperate with authorities to send malicious links to their customers, transforming the telecommunications infrastructure into a vector of infection. Meta has responded firmly, forcibly disconnecting accounts that used the illegitimate client and ordering SIO to cease any activity that violates the platform's terms of service.

This operation marks Meta's second public intervention in Italy within fifteen months. Earlier in 2025, it was the turn of Paragon Solutions, an Israeli-American company whose software was used to target journalists and activists. The recurrence of such incidents confirms Italy as one of the leading European hubs for the commercial surveillance industry.

For users, the lesson is clear: the only way to ensure the integrity of their end-to-end conversations is the exclusive use of clients downloaded from official stores (App Store and Google Play). Any invitation to install alternative versions, perhaps promising additional features or resolution of alleged security issues, should be treated as an intrusion attempt.