WhatsApp Warns Users Targeted by Spyware Attack via Weaponized Version of the App

In Cybersecurity News - Original News Source is cybersecuritynews.com by Blog Writer

Meta has officially alerted approximately 200 WhatsApp users, primarily located in Italy, that their devices were compromised by a weaponized, fraudulent version of the messaging application.

This malicious software was distributed through social engineering tactics rather than official app stores, tricking targets into installing a spyware-laden clone.

The fraudulent application was designed to mimic the exact look and feel of the legitimate WhatsApp client to deceive unsuspecting victims. It was pushed to targeted individuals as a necessary update or an exclusive alternative variant of the popular messaging platform.

Instead of functioning as a standard communication tool, the clone secretly operated as a Trojan horse carrying government-grade spyware.

The malicious campaign was orchestrated by ASIGINT, an Italy-based technology firm that specializes in cyber intelligence solutions.

ASIGINT operates as a subsidiary of SIO Spa, a Cantù-based company historically known for providing interception and surveillance technologies to government agencies and institutional clients.

On its official website, the firm markets itself as a developer of high-performance, field-proven cybersecurity and digital surveillance solutions.

The attackers completely bypassed the security protections of the Apple App Store and Google Play Store by utilizing less-controlled, third-party distribution channels.

They relied heavily on social engineering, a psychological manipulation technique that aims to trick specific individuals into willingly downloading unverified software. This meant the attack succeeded due to human vulnerability and misplaced trust rather than any technical zero-day exploit.

Security researchers have identified the underlying malware embedded in these fake applications as “Spyrtacus,” a surveillance tool discovered within the spyware’s code.

Once installed on a victim’s iPhone or Android device, the spyware grants external actors extensive access to sensitive smartphone data.

This illicit access allows the software to steal text messages, extract chat histories, copy call logs, and even covertly record audio and video using the device’s microphone and camera.

Meta’s internal security team proactively identified roughly 200 individuals who had successfully downloaded and activated this malicious third-party client. The tech giant noted that the surveillance campaign was highly targeted rather than a mass-distribution effort, with the vast majority of victims residing in Italy.

While Meta has not disclosed the specific identities of the targets, the nature of the spyware suggests they were individuals of specific interest to the surveillance firm’s clients.

Upon discovering the active surveillance campaign, Meta immediately intervened to protect the targeted individuals from further data extraction. The company proactively logged the affected users out of their WhatsApp accounts and severed the unauthorized connections to the platform’s servers.

Victims subsequently received a direct alert warning them about the severe privacy risks and instructing them to delete the fraudulent client immediately, Repubblica reported.

WhatsApp explicitly emphasized that this targeted espionage operation did not exploit any inherent vulnerabilities within the official application, its infrastructure, or its cryptographic protocols.

Personal communications sent through the legitimate WhatsApp application remain fully protected by the platform’s standard end-to-end encryption and default privacy settings.

The company maintains continuous monitoring systems specifically designed to detect and block compromised or unofficial clients attempting to access its network.

This is not the first time SIO Spa has been implicated in distributing deceptive surveillance applications. In early 2025, security researchers exposed a similar Android-based campaign by the company that utilized fake customer support applications impersonating Italian mobile providers like TIM, Vodafone, and WINDTRE.

This latest operation marks a significant escalation in their tactics, as they have now successfully expanded their spyware capabilities to target Apple’s highly restricted iOS ecosystem.

Users who suspect their devices have been compromised are advised to immediately delete the unofficial application and run a comprehensive security sweep.

Cybersecurity experts strongly recommend performing a factory reset on the device to completely eradicate any lingering spyware components. Finally, affected individuals should reinstall the official WhatsApp application directly from trusted digital storefronts to ensure their ongoing communications remain secure.
