Recently, Meta — the parent company of WhatsApp — issued security alerts to about 200 users after discovering a sophisticated spyware campaign that used a fake WhatsApp application to install surveillance software on iPhones. The incident, which mainly affected users in Italy, highlights how attackers are increasingly using deceptive techniques rather than software vulnerabilities to compromise devices and invade privacy.
Unlike traditional malware that exploits bugs or coding flaws, this attack relied on clever social engineering — tricking users into sideloading an app that looked like the official WhatsApp but was anything but legitimate. Here’s what we know about the campaign, how it worked, who may be behind it, and what users can do to stay safe.
How the Spyware Operated
The spyware operation did not exploit a vulnerability in WhatsApp or iOS itself. Instead, attackers created a counterfeit WhatsApp client — a piece of software that looked and behaved like the real thing — and convinced targeted users to install it. When installed, this fake app contained embedded spyware capable of harvesting sensitive data.
Meta’s security team identified around 200 victims, most of whom were in Italy, who downloaded the malicious version. Once the campaign was detected, Meta logged these users out of their accounts and issued warnings about the serious privacy and security risks that come with installing unofficial apps.
Social engineering played a central role in the attack. Instead of distributing the fake app through trusted sources like Apple’s App Store or Google Play Store, threat actors used less controlled third‑party channels, making the installation appear legitimate to unsuspecting victims.
Once installed, the spyware could potentially access a wide range of personal information — from messages and contacts to location, photos, and even audio recordings — posing a serious threat to user privacy.
What Is ASIGINT?
The spyware campaign has been linked to an Italian surveillance tech company called ASIGINT, which operates as a subsidiary of SIO Spa, a firm that promotes intelligence and surveillance solutions for government and law enforcement agencies.
ASIGINT’s offerings suggest that its tools are designed for government or institutional use, but in this case, one of its products was repurposed (or misused) to target regular WhatsApp users under the guise of an app update. Reports indicate that the malicious code — identified in some samples as Spyrtacus — has been around in various forms since 2019, sometimes disguised as other popular apps.
The campaign marks at least the second instance where Meta has had to intervene against spyware operations tied to Italian firms. It follows previous disclosures involving surveillance vendors like Paragon Solutions, which targeted journalists and activists.
Why iPhone Users Are at Risk
iOS is widely regarded as a secure platform, in part because Apple tightly controls its App Store. However, this restriction can be bypassed through social engineering if users install apps from third-party sources—especially outside official app stores.
In this case, victims were tricked into installing fake software not from the App Store but via links or downloads presented as legitimate WhatsApp updates. Once sideloaded, the fake app could run on the device like any other program, collecting data and potentially transmitting it back to its operators.
This kind of attack underscores the fact that security is only as strong as user behavior. Even a secure operating system cannot protect users if they knowingly (or unknowingly) install malicious software.
How Meta Responded
Meta’s response was swift once the fake app was detected. The company:
- Identified and logged out affected users.
- Warned them about the spyware risks.
- Encouraged deletion of the fake app and reinstallation of the official version.
- Is reportedly preparing legal action against the spyware vendor.
Meta emphasized that the attack did not compromise WhatsApp’s encryption or servers — the spyware bypassed security by posing as the app rather than breaking into the platform itself.
How to Protect Yourself
This incident is a stark reminder that vigilance is key to digital security. Here are steps users should follow:
- Only download apps from trusted sources: Official app stores like Apple’s App Store are vetted for security. Avoid third‑party links and downloads.
- Check app permissions: Be wary if an app requests unnecessary access to your microphone, camera, or personal data.
- Enable two‑factor authentication: Layers of security can help prevent unauthorized access.
- Stay updated: Always install the latest official updates for your apps and phone OS.
Conclusion
This spyware incident highlights how attackers are shifting tactics toward deception and social engineering to exploit users. Even with robust platform defenses, users must remain cautious — especially when it comes to downloading and installing apps that mimic trusted brands.
As surveillance technology becomes more sophisticated and accessible, companies like Meta and Apple are increasingly tasked with not just building secure platforms, but also educating users on how to defend themselves in a rapidly evolving digital threat landscape.