Meta-owned messaging platform WhatsApp has alerted approximately 200 users in Italy after they were tricked into installing a counterfeit version of its iOS app infected with spyware. According to reports from La Repubblica and ANSA, the threat actors behind the campaign used social engineering techniques to convince users to download the malicious application, which mimicked WhatsApp. All affected users have been logged out, and WhatsApp has advised them to uninstall the compromised apps and download the official version to safeguard their data. Details on the specific identities of the targeted users were not disclosed.
WhatsApp also revealed that it is taking action against Asigint, an Italian subsidiary of the surveillance technology company SIO, for allegedly creating the fake version of its app. Asigint advertises solutions for law enforcement, government agencies, and intelligence services for monitoring and covert operations. The move follows previous incidents involving SIO, which in December 2025 was reported by TechCrunch to have deployed Android apps posing as WhatsApp and other popular services. Those apps, using the Spyrtacus spyware family, were designed to exfiltrate sensitive information from targeted devices, reportedly for a government customer in Italy.
Italy has become a notable center for surveillance tool vendors, with firms such as Cy4Gate, eSurv, GR Sistemi, Negg, Raxir, and RCS Lab offering spyware solutions. The current WhatsApp incident highlights the persistent risk posed by these technologies to users, particularly when malicious applications are used for social engineering campaigns. Similar incidents have occurred across Europe in recent years. In late 2025, WhatsApp warned around 90 users of targeting by Paragon Solutions’ spyware Graphite, while in August 2025, fewer than 200 users were alerted to attacks involving chained zero-day vulnerabilities in iOS and the messaging platform.
The development follows ongoing legal actions against spyware misuse in Europe. A Greek court recently sentenced Tal Dilian, founder of Intellexa Consortium, and three associates for their involvement in the illegal use of Predator spyware to monitor politicians, journalists, and business figures, a scandal known as Predatorgate. While the European Parliament conducted inquiries into such incidents, a subsequent law legalized government use of these tools under strict conditions. Amnesty International has stressed the importance of transparency and remedies for victims affected by unauthorized surveillance, highlighting ongoing questions about government oversight and the legality of such operations.
Similar concerns have emerged in Spain, where NSO Group’s Pegasus spyware was reportedly used to monitor Spanish politicians, including Prime Minister Pedro Sánchez and Defence Minister Margarita Robles. Companies such as Intellexa and NSO Group maintain that their tools are only licensed to governments for national security and law enforcement purposes. NSO Group’s Executive Chairman David Friedman has argued that these technologies contribute to global safety when deployed responsibly. The WhatsApp case in Italy underscores the continuing challenges of spyware and social engineering in mobile security, demonstrating the risks to individual users even in highly regulated digital environments.
Follow the SPIN IDG WhatsApp Channel for updates across the Smart Pakistan Insights Network covering all of Pakistan’s technology ecosystem.
