Meta warns iPhone users of Italian spyware campaign disguised as WhatsApp: Here’s what you need to know

WhatsApp has warned around 200 users who were tricked into downloading a malicious version of the app that contained spyware. According to Italy’s Agenzia Nazionale Stampa Associata (ANSA), the malicious software was developed by an Italian surveillance company SIO that develops surveillance tools for governments via its subsidiary ASIGINT.

The social media giant says that around 200 users were victims of a social engineering attack that tricked them into installing this malicious version of WhatsApp.

In a statement to ANSA, Meta said, “Our security team identified around 200 users, most of them in Italy, who we believe may have downloaded this unofficial and malicious client. We logged them out and warned them about the privacy and security risks. […] We believe this was a social engineering attempt targeting a limited number of users, aimed at convincing them to install malicious software that mimicked WhatsApp, likely to gain access to their devices.”

The company also told TechCrunch that it plans to send a formal legal demand to the spyware firm in order to stop any malicious activity.

Meta, however, did not reveal any details about the users who were affected by the attack or what data was accessed.

WhatsApp spokesperson Margarita Franklin, while speaking to TechCrunch, said, “Our priority has been protecting the users who may have been tricked into downloading this fake iOS app.”

How did the attack work?

As per Italian publication La Repubblica, the malicious WhatsApp application was not distributed via official channels like the Google Play Store or Apple’s App Store but via third-party channels.

The victims were convinced to download a modified version of the WhatsApp app while presenting it as a legitimate version of WhatsApp. Once the fake app was installed on the victims’ devices, the software allowed external actors to gain access to the data on their phone.

What is ASIGINT?

ASIGINT is a company specialising in infrastructure and software development for cyber-intelligence. The company has reportedly been previously linked to spyware known as Spyrtacus.

The spyware affected various Android devices last year, masquerading as fake versions of WhatsApp along with fake customer support tools to steal private data from victims’ devices.

The malware was reportedly able to intercept phone calls, activate the microphone, and use the camera on the victims’ devices.

As per its website, ASIGINT has been described as “specialised in the design, development and installation of technological and innovative solutions in the cybersecurity field”.