WhatsApp notifies hundreds of users who installed a fake app that was actually government spyware

WhatsApp says it has notified around 200 users who were tricked into installing a malicious fake version of the chat app that contained spyware.

WhatsApp accused Italian spyware maker SIO of creating a fake version of its messaging app for iPhones, according to an announcement the company shared with TechCrunch.

“Our security team proactively identified around 200 users primarily in Italy who we believe may have downloaded this malicious unofficial client,” WhatsApp said in its statement. “We have logged them out, alerted [them] to the risks to their privacy and security that come with downloading fake unofficial clients, and encouraged them to remove it and download the official WhatsApp app.”

WhatsApp spokesperson Margarita Franklin told TechCrunch that, at this point, the company cannot share more information about the users it notified, such as whether they were journalists or members of civil society.

“Our priority has been protecting the users who may have been tricked into downloading this fake iOS app,” said Franklin.

In its announcement, WhatsApp also said it plans to “send a formal legal demand to stop any such malicious activity to this spyware firm.”

A screenshot of the notification Whatsapp sent to users warning them to download the official appImage Credits:WhatsApp

Italian newspaper La Repubblica and news agency ANSA first reported the news.

Last year, TechCrunch revealed that SIO was behind a series of malicious Android apps that contained its spyware, including fake versions of WhatsApp, as well as fake customer support tools for cellphone providers. SIO’s spyware was identified with the name Spyrtacus, a word that appeared in the spyware’s code.

Contact Us

Do you have more information about SIO, or other government spyware makers? From a non-work device, you can contact Lorenzo Franceschi-Bicchierai securely on Signal at +1 917 257 1382, or via Telegram, Keybase and Wire @lorenzofb, or by email.

Using fake apps against targets of surveillance is a well-established tactic used by authorities in Italy, who often get collaboration from cellphone providers, who send phishing links to their customers on behalf of law enforcement.

SIO develops government spyware through its subsidiary ASIGINT.

Apple and SIO did not respond to a request for comment.

WhatsApp’s latest announcement comes a year after the company alerted around 90 users that they had been targeted with spyware made by the U.S.-Israeli surveillance tech maker Paragon Solutions. WhatsApp sent those notifications to journalists and pro-immigration activists, among others, sparking a wide-ranging scandal across Italy.

In response, Paragon cut ties with Italy’s spy agencies, which were its customers.

Lorenzo Franceschi-Bicchierai is a Senior Writer at TechCrunch, where he covers hacking, cybersecurity, surveillance, and privacy.

You can contact or verify outreach from Lorenzo by emailing [email protected], via encrypted message at +1 917 257 1382 on Signal, and @lorenzofb on Keybase/Telegram.

View Bio