WhatsApp Alerts Users of Fake App Containing Spyware

WhatsApp has alerted approximately 200 users who were deceived into installing a malicious imitation of its messaging app, which was embedded with spyware. The Meta subsidiary claims that this counterfeit version was specifically designed for iPhones by the Italian spyware manufacturer SIO. Most of the affected users are located in Italy. In a recent announcement, WhatsApp stated, "We assess that the threat actors behind this malicious client used social engineering tactics to trick people outside of our app into downloading their malicious software masquerading as WhatsApp." The company reassured users that this incident does not stem from any vulnerability within WhatsApp, as end-to-end encryption continues to safeguard communications for those using the official app. WhatsApp has logged out the affected users and urged them to uninstall the fake app and download the legitimate version. The security team at WhatsApp identified the dummy app proactively and attributed its creation to SIO's subsidiary, ASIGINT. SIO has a history of collaborating with law enforcement and intelligence agencies, as noted on its website. The social engineering tactics employed in this incident were described as "highly targeted," though WhatsApp did not disclose specific details about the victims. This incident follows a previous alert from WhatsApp last year, when around 90 users were notified of being targeted with spyware from Paragon Solutions. Notably, Paragon ended its contract with Italy after the government restricted its ability to verify the use of spyware against a prominent journalist. WhatsApp has also taken legal action against spyware maker NSO Group, which was found liable for targeting users with its Pegasus tool.