WhatsApp has taken action against an Italian surveillance company accused of building a convincing fake version of the messaging app and deploying it against roughly 200 iPhone users — most of them based in Italy.
The company behind the operation is ASIGINT, a cyber-intelligence subsidiary of SIO Spa, a Cantù-based firm with a long history of building wiretapping and surveillance tools for government clients.
WhatsApp's security team identified the malicious client and has since logged out every affected user, pushed direct notifications warning them of the privacy risk, and urged them to uninstall the fake app and replace it with the official version.
Critically, this was not a WhatsApp vulnerability. The attack relied entirely on social engineering — convincing targets to sideload (install outside official app stores) what appeared to be a legitimate WhatsApp update or variant distributed through unverified third-party channels. End-to-end encryption on the official app remained intact throughout.
Once installed, the spyware-laced client could give external operators broad access to the device — consistent with capabilities previously linked to ASIGINT through a related malware strain called Spyrtacus, named after a string found buried in its code. That earlier variant, uncovered a year ago, could read SMS messages, intercept conversations across WhatsApp, Signal, and Facebook Messenger, raid the address book, record ambient audio via the microphone, and silently activate the camera.
WhatsApp says it will issue a formal legal demand ordering SIO to halt all such activity. The company has a history of making that kind of move stick: it was the first organization to successfully hold a commercial spyware vendor liable under U.S. law, after winning a landmark case against NSO Group.
The timing is notable. Just twelve months ago, WhatsApp alerted around 90 journalists and pro-immigration activists that they had been targeted using Paragon Solutions spyware — a disclosure that triggered a political scandal in Italy and ultimately led Paragon to cut ties with Italian intelligence agencies.
Italy now has two separate WhatsApp spyware incidents within a year, both traced back to domestic firms selling surveillance tools to government customers.
What users should do: Only install WhatsApp from the official App Store or Google Play Store. Never install messaging apps from links sent via SMS, even if they appear to come from your mobile carrier.