Spyware Vendor Creates Fake WhatsApp App

securityaffairs.com · lschueller · 3 days ago · view on HN · research
quality 7/10 · good
0 net
Tags
apple browser exploit facebook google malware mobile phishing
Italian spyware vendor creates Fake WhatsApp app, targeting 200 users Home Breaking News Intelligence Malware Mobile Security Italian spyware vendor creates Fake WhatsApp app, targeting 200 users Italian spyware vendor creates Fake WhatsApp app, targeting 200 users Pierluigi Paganini April 02, 2026 WhatsApp blocked a fake app by Italian firm SIO/Asigint that targeted 200 users with spyware, urging them to reinstall the official app. WhatsApp has recently uncovered a malicious fake version of its app that targeted roughly 200 users, most of whom are in Italy. The platform confirmed that the unofficial client contained spyware and was developed by Italian firm Asigint, a subsidiary of SIO Spa, a company known for providing surveillance tools to law enforcement and government agencies. “Our security team identified around 200 users, mostly in Italy, who we believe may have downloaded this unofficial and harmful client. We logged them out and alerted them to the privacy and security risks,” WhatsApp stated . “We believe this was a social engineering attempt targeting a limited number of users with the goal of inducing them to install harmful software impersonating WhatsApp, likely to gain access to their devices. Today, WhatsApp has taken action against Asigint, an Italian spyware company controlled by Sio Spa that created a fake version of WhatsApp. We believe the individuals behind this malicious client used social engineering techniques to trick people into downloading an unofficial and harmful app disguised as WhatsApp,” the Meta Group company said in a statement, adding that it intends to “send a formal legal notice to this spyware company to cease all harmful activity.” The affected users were promptly logged out and notified of the potential risks to their privacy and security. WhatsApp advised them to remove the fake app and reinstall the official version, emphasizing that the incident did not involve a vulnerability in WhatsApp itself; the end-to-end encryption of legitimate apps remains intact. According to WhatsApp, the attackers relied on social engineering techniques, tricking users into installing the counterfeit app, which was not available on official digital stores like the Apple App Store or Google Play. The approach suggests a highly targeted campaign, likely part of a broader investigation, rather than a mass-distribution attack. “It is important to clarify that this was not a vulnerability in WhatsApp; end-to-end encryption continues to protect the communications of people using the official WhatsApp apps,” the Meta Group platform stated, as reported by the Italian press agency ANSA . “We believe the individuals behind this malicious client used social engineering techniques to convince people to download an unofficial and harmful app, passing it off as WhatsApp, likely to gain access to their devices. We intend to send a formal legal notice to this spyware company to cease any harmful activity.” SIO, through Asigint, has a long history in the development of government-grade spyware. In a 2025 TechCrunch report , SIO was linked to Spyrtacus, a series of malicious Android apps that disguised themselves as WhatsApp and other popular applications. Spyrtacus allowed attackers to extract sensitive data from devices, including messages, contact lists, and call logs, as well as monitor users through microphones and cameras. A WhatsApp spokesperson explained that the company plans to issue a formal legal demand to Asigint, requesting that the company cease all malicious activities. The platform stressed that holding spyware developers accountable under law is a crucial part of protecting users from targeted attacks. WhatsApp has previously achieved a precedent-setting outcome by holding a commercial spyware firm responsible under U.S. law for attempting to spy on users’ mobile devices. The incident highlights a broader trend in digital surveillance: using fake apps as a tool for spying. Cybersecurity experts note that such tactics are common in operations targeting individuals for intelligence or law enforcement purposes. “The fake WhatsApp campaign demonstrates the sophistication of modern social engineering techniques, where attackers exploit users’ trust in popular software to gain access to sensitive devices,” I told ANSA. SIO describes itself as a team of software developers and architects leveraging advanced technologies to redefine human-computer interaction. According to its website, the company collaborates closely with law enforcement, government organizations, and intelligence agencies, boasting more than 30 years of experience in the sector. The fake WhatsApp case underlines how firms that operate in the intelligence space can inadvertently, or deliberately, target private users in ways that raise ethical and legal questions. While the full scope of the attack remains unclear, the proactive response by WhatsApp underscores the importance of vigilance. Users are strongly encouraged to only download official applications and remain alert to suspicious links or prompts, especially when dealing with messaging or banking apps. This case also demonstrates the evolving challenges of digital security in Italy and globally, where spyware developers increasingly use counterfeit applications to bypass traditional defenses and exploit user trust. Even though most affected individuals were Italian, the lessons extend to anyone using widely trusted apps. Awareness and timely updates are essential defenses against such targeted threats. In conclusion, the WhatsApp-Asigint incident is a reminder of the ongoing arms race between privacy-focused platforms and surveillance-focused actors. While end-to-end encryption protects users of legitimate apps, attackers will continue to explore indirect methods, such as fake apps, to circumvent safeguards. Vigilance, legal accountability, and prompt user education remain the most effective tools for mitigating these sophisticated threats. Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs – hacking, WhatsApp) facebook linkedin twitter Asigint Commercial surveillance vendors Hacking hacking news information security news IT Information Security Pierluigi Paganini Security Affairs Security News SIO spyware WhatsApp you might also like Pierluigi Paganini April 03, 2026 Pro-Iran Handala group breached Israeli defence contractor PSK Wind Technologies Read more Pierluigi Paganini April 02, 2026 Hasbro hit by cyberattack, investigates possible data breach Read more leave a comment newsletter Subscribe to my email list and stay up-to-date! recent articles Pro-Iran Handala group breached Israeli defence contractor PSK Wind Technologies Data Breach / April 03, 2026 Cisco fixed critical and high-severity flaws Security / April 02, 2026 Threat actor UAC-0255 impersonate CERT-UA to spread AGEWHEEZE malware via phishing Hacking / April 02, 2026 Italian spyware vendor creates Fake WhatsApp app, targeting 200 users Malware / April 02, 2026 Google fixes fourth actively exploited Chrome zero-day of 2026 Hacking / April 01, 2026 We use cookies on our website to give you the most relevant experience by remembering your preferences and repeat visits. By clicking “Accept All”, you consent to the use of ALL the cookies. However, you may visit "Cookie Settings" to provide a controlled consent. Cookie Settings Accept All Manage consent Close Privacy Overview This website uses cookies to improve your experience while you navigate through the website. Out of these cookies, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may have an effect on your browsing experience. Necessary Necessary Always Enabled Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information. Non-necessary Non-necessary Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website. SAVE & ACCEPT
← Back to stories