Meta Warns of Fake WhatsApp Version and Spyware Risks
- Meta has issued a warning regarding a targeted spyware campaign that utilized a counterfeit version of WhatsApp to surveil users.
- Unlike traditional cyberattacks that rely on exploiting software vulnerabilities or zero-day flaws, this campaign relied on social engineering and deception.
- WhatsApp has identified the Italian spyware maker SIO as the entity responsible for creating the fake version of the app for iPhones.
Meta has issued a warning regarding a targeted spyware campaign that utilized a counterfeit version of WhatsApp to surveil users. The attack primarily targeted individuals in Italy, affecting approximately 200 users who were tricked into installing a malicious version of the messaging application.
Unlike traditional cyberattacks that rely on exploiting software vulnerabilities or zero-day flaws, this campaign relied on social engineering and deception. Attackers convinced victims to sideload the application, a process where software is installed from sources outside of official app stores, thereby bypassing the security protections provided by Apple and Google.
The Role of SIO and Spyrtacus
WhatsApp has identified the Italian spyware maker SIO as the entity responsible for creating the fake version of the app for iPhones. According to reports, SIO’s spyware has been identified by the name Spyrtacus, a term found within the software’s code.
This is not the first instance of SIO engaging in such activity. It was previously revealed that the firm was behind several malicious Android applications, including fake versions of WhatsApp and counterfeit customer support tools designed for cellphone providers.
Technical Impact and Device Access
Once a user installed the counterfeit client, the software functioned as a surveillance tool, granting attackers extensive access to the victim’s device. The malicious app had the capability to collect sensitive information, including:
- Private messages and contact lists
- Real-time location data
- Activation of the device’s microphone and camera
Meta clarified that the official WhatsApp infrastructure, its official application and its end-to-end encryption were not compromised during this campaign. The breach occurred specifically because users installed an unofficial, malicious client rather than the legitimate app.
Meta’s Response and Mitigation
Upon identifying the affected users, Meta’s security team took immediate action to prevent further data theft. The company logged the approximately 200 targeted users out of their accounts and sent warning notifications urging them to remove the unofficial client and download the official version of WhatsApp.
Our security team proactively identified around 200 users primarily in Italy who we believe may have downloaded this malicious unofficial client. We have logged them out, alerted [them] to the risks to their privacy and security that come with downloading fake unofficial clients, and encouraged them to remove it and download the official WhatsApp app.
WhatsApp statement
In addition to protecting users, Meta stated it plans to send a formal legal demand to SIO to stop the malicious activity.
Target Demographics
While the campaign was primarily concentrated in Italy, the specific identities of the victims remain undisclosed. When questioned about whether the targets included journalists or members of civil society, WhatsApp spokesperson Margarita Franklin stated that the company’s priority was the protection of the users who were tricked into downloading the fake iOS application.
This incident highlights the ongoing risk associated with sideloading applications. By bypassing official app store vetting processes, users expose their devices to software that can masquerade as legitimate services while operating as powerful surveillance tools.
