A security operation conducted by Meta has uncovered a campaign of espionage that affected about 200 users, the vast majority residing in Italy.
The victims were induced, through sophisticated social engineering techniques, to download and install on their smartphones a counterfeit version of the famous messaging application WhatsApp.
This software, though apparently identical to the original, actually concealed a government surveillance tool.
Meta unmasks fake version of WhatsApp; it was Italian spyware
Behind the creation of this counterfeit application lies ASIGINT, a software company specializing in cyber-intelligence and controlled by SIO Spa, Cantù’s historic company that provides interception systems to law enforcement.
Meta clarified from the outset that the official WhatsApp infrastructure and its end-to-end encryption had not suffered any breach. The success of the attack was entirely based on the manipulation of the victims, pushed to download the malicious program outside verified digital stores, such as Apple’s App Store or Google Play Store.
The Spyrtacus trap and the role of operators
The malware embedded in the counterfeit application is known to security experts as Spyrtacus. Its earliest traces date back to 2019, but the most recent version, designed to specifically target Apple’s iOS devices, was identified at the end of 2024.
Once the user inadvertently grants permissions to the fake app, Spyrtacus begins to operate in a completely invisible way. The software is able to steal chat history, the call log, SMS and contacts, even secretly turning on the camera and microphone to record the surrounding environment.
The distribution mechanism of this threat is particularly insidious. Based on the reconstructions provided, law enforcement authorities can request the collaboration of telecom operators, who send their customers messages containing fraudulent links.
The victim receives on their phone a notification that seems to come from their network provider, urging them to perform a so-called WhatsApp update.
This dynamic effectively turns mobile networks into a vector for the installation of surveillance tools, available at extremely low costs.
It is estimated that law enforcement agencies could rent these technologies for around 150 euros per day.
The Italian anomaly in state surveillance
The discovery of this fake client represents the second case in just over a year in which WhatsApp has been forced to publicly denounce the actions of a surveillance company active in Italy.
Already at the beginning of 2025, Meta had warned around 90 people, including journalists and activists, of being targeted by Paragon Solutions, a company whose technology was used by national intelligence services, sparking strong political and institutional reactions.
The Italian regulatory framework, which specifically and formally regulates the use of the so-called computer intercept device, has favored the proliferation of numerous companies specialized in this delicate commercial sector.
Unlike in other Western democracies, ease of access and reduced costs allow not only large intelligence agencies but also local police forces to commission targeted digital surveillance operations.
The privacy protection intervention
As soon as the threat was identified, Meta's security team acted promptly by disconnecting the affected users from the compromised client, to immediately interrupt the data flow to external servers.
Victims received a detailed warning about privacy risks, accompanied by a strong recommendation to delete the fraudulent software to return to using only the secure application.
Simultaneously, the California-based company announced its intention to issue a formal cease-and-desist to ASIGINT, ordering the cessation of any harmful activity.
This move fits into a broader legal strategy that sees Meta at the forefront against the spyware industry, a path already marked by the heavy lawsuit filed in the past against the Israeli company NSO Group.
