WhatsApp Warns 200 Users of Spyware-Infected Fake App

WhatsApp has alerted approximately 200 users, primarily in Italy, after discovering a sophisticated spyware campaign that utilized a fake version of its iOS app. The Meta-owned messaging platform identified the malicious app and took action to protect affected users, logging them out and recommending they uninstall the fake software and download the official version.

The discovery, first reported by Italian newspaper La Repubblica and news agency ANSA, reveals a targeted effort to compromise user devices with spyware. WhatsApp has accused Italian spyware maker SIO, a subsidiary of SIO, of creating the counterfeit app. The company plans to pursue legal action against SIO to halt further malicious activity.

Fake App Distributed via Social Engineering

According to WhatsApp, the attackers employed social engineering tactics to trick users into installing the malicious app. The fake app mimicked the legitimate WhatsApp application, potentially leading users to believe they were downloading a trusted update or version. The tech giant did not disclose details about who was specifically targeted in the attacks, but confirmed the majority of affected users are located in Italy.

SIO and Spyrtacus Spyware

This isn’t the first time SIO has been linked to malicious activity. In December 2025, TechCrunch reported that SIO was responsible for a set of malicious Android apps that masqueraded as WhatsApp and other popular applications. These apps contained a spyware family called Spyrtacus, designed to steal private data from targeted devices. The apps were believed to have been used by a government customer to target individuals in Italy.

“Our security team proactively identified around 200 users primarily in Italy who we believe may have downloaded this malicious unofficial client,” WhatsApp said in a statement shared with TechCrunch.

WhatsApp spokesperson Margarita Franklin

WhatsApp spokesperson Margarita Franklin also stated that the company is prioritizing the protection of users who may have been tricked into downloading the fake iOS app and cannot share further information about the targeted individuals at this time, such as whether they were journalists or members of civil society.

Italy: A “Spyware Hub”

The incident highlights Italy’s growing reputation as a “spyware hub,” with numerous companies involved in the development and sale of surveillance tools. Besides SIO, other Italian firms such as Cy4Gate, eSurv, GR Sistemi, Negg, Raxir, and RCS Lab are known to offer surveillance technologies to law enforcement, government organizations, and intelligence agencies.

This latest incident follows a similar case from early last year, where WhatsApp alerted around 90 users that they were targeted with Paragon Solutions’ spyware, known as Graphite. The increasing prevalence of these attacks underscores the growing threat of commercially available spyware and the challenges faced by messaging platforms in protecting user privacy and security.

WhatsApp has urged all users to ensure they are downloading the official app from the official App Store to avoid falling victim to similar attacks. The company continues to invest in security measures to detect and prevent the distribution of malicious software and protect its users from surveillance threats.