WhatsApp Warns Users About Fake App Linked to Government Spyware
- WhatsApp, the Meta-owned messaging platform, has notified approximately 200 users that they were tricked into installing a malicious fake version of its app designed to deploy spyware.
- The discovery underscores growing concerns about sophisticated social engineering tactics used to distribute government-grade spyware, particularly against high-risk individuals such as journalists, activists, and members of civil society.
- According to WhatsApp’s statement, the fake app was not distributed through official app stores but was instead installed outside of Apple’s App Store ecosystem.
WhatsApp Alerts 200 Users Targeted by Fake App Linked to Italian Spyware Firm
WhatsApp, the Meta-owned messaging platform, has notified approximately 200 users that they were tricked into installing a malicious fake version of its app designed to deploy spyware. The company attributed the scheme to Italian surveillance firm SIO, which allegedly created the counterfeit iOS application to target users primarily in Italy.
The discovery underscores growing concerns about sophisticated social engineering tactics used to distribute government-grade spyware, particularly against high-risk individuals such as journalists, activists, and members of civil society.
How the Fake App Operated
According to WhatsApp’s statement, the fake app was not distributed through official app stores but was instead installed outside of Apple’s App Store ecosystem. The company clarified that the incident did not exploit any vulnerability in WhatsApp’s official software, emphasizing that end-to-end encryption remained intact for users of the legitimate app.
“We assess that the threat actors behind this malicious client used social engineering tactics to trick people outside of our app into downloading their malicious software masquerading as WhatsApp,” WhatsApp said in its announcement. The company did not disclose the specific methods used to lure victims but described the campaign as “highly targeted.”
Once installed, the fake app could potentially monitor communications, access device data, and compromise user privacy. WhatsApp’s security team proactively identified the affected users, logged them out of their accounts, and sent alerts urging them to uninstall the malicious software and reinstall the official WhatsApp app.
SIO’s Role and Past Allegations
The fake app has been linked to SIO, an Italian company that markets surveillance tools to law enforcement and intelligence agencies. The firm’s website describes itself as a “partner” to government organizations, though its practices have drawn scrutiny in the past.
In 2025, cybersecurity investigations revealed that SIO had previously distributed spyware through fake Android apps, including counterfeit versions of WhatsApp and customer support tools for mobile carriers. The spyware, identified in code as “Spyrtacus,” was designed to infiltrate devices and exfiltrate sensitive data.
WhatsApp has stated it plans to take legal action against SIO to prevent further malicious activity. A spokesperson for the company told TechCrunch that while the current investigation is ongoing, WhatsApp cannot yet confirm whether the targeted users included journalists or civil society members.
“Our priority has been protecting the users who may have been tricked into downloading this fake iOS app.”
Margarita Franklin, WhatsApp spokesperson
Broader Implications for User Security
The incident highlights the risks of sideloading apps or installing software from unofficial sources, even on platforms with strict security measures like iOS. While Apple’s App Store review process is designed to block malicious software, users who bypass these protections—such as by installing enterprise certificates or third-party app stores—remain vulnerable to such attacks.
WhatsApp’s response reflects a growing trend among tech companies to proactively notify users of potential security breaches. In January 2026, the platform also alerted around 90 users who were targeted by “Graphite,” a separate spyware tool developed by Israeli firm Paragon Solutions. These notifications are part of a broader effort to combat the misuse of surveillance technology, which has increasingly been used to target high-profile individuals.
For users, the incident serves as a reminder to verify the authenticity of apps before installation. WhatsApp recommends downloading its software only from official app stores or its website, and to be wary of any prompts to install alternative versions of the app.
What Comes Next
WhatsApp has not disclosed whether it will pursue criminal charges against SIO or its subsidiary, ASIGINT, which was specifically named in the company’s announcement. Legal experts suggest that such cases often face challenges due to jurisdictional issues and the secretive nature of the surveillance industry.
Meanwhile, cybersecurity researchers are likely to continue monitoring SIO’s activities, particularly given the company’s history of developing spyware for both Android and iOS devices. The incident also raises questions about the accountability of firms that sell surveillance tools to governments, some of which have been accused of using such technology to target dissidents and political opponents.
For now, WhatsApp has urged affected users to remain vigilant and report any suspicious activity. The company has also reiterated its commitment to strengthening security measures to detect and mitigate similar threats in the future.
Key Takeaways for Users
- Only download WhatsApp from official app stores or the company’s website.
- Be cautious of apps that mimic popular services, especially those distributed outside official channels.
- If notified by WhatsApp about a security issue, follow the company’s instructions to secure your account.
- Enable two-factor authentication and regularly update your device’s software to reduce vulnerabilities.
- Report suspicious apps or messages to WhatsApp’s support team.