
WhatsApp Alerts Users of Fake App Containing Spyware

TechCrunch Security · Reporting by Lorenzo Franceschi-Bicchierai
7 sources · Summary by CyberPings Editorial · AI-assisted · Reviewed by Rohit Rana

WhatsApp found out that some people downloaded a fake version of its app that had spyware in it. They told those users to delete the fake app and use the real one instead. The fake app was made by a company that sells spying tools to the government.

Quick Summary

WhatsApp has alerted users about a fake app that contained spyware, created by the Italian firm SIO. The company is taking legal action to prevent further distribution of such malicious software.

What Happened

WhatsApp has alerted approximately 200 users who were misled into downloading a counterfeit version of its iOS app, which was infected with spyware. The malicious app was created by SIO, an Italian spyware manufacturer, and primarily targeted users in Italy. WhatsApp's security team proactively identified the threat and logged out the affected users, advising them to uninstall the fake app and download the official version.

Who's Affected

The majority of the impacted users are located in Italy, although WhatsApp has not disclosed specific identities or whether the victims include journalists or civil society members. The company emphasized that this incident did not stem from a vulnerability in WhatsApp itself, as end-to-end encryption continues to protect users of the official app.

The Flaw

The counterfeit app utilized social engineering tactics to deceive users into installing it, masquerading as the legitimate WhatsApp application. This tactic is part of a broader strategy employed by SIO, which markets its spyware solutions to law enforcement and intelligence agencies.

What's at Risk

Users who installed the fake app risked exposure of their personal data and communications, which could be monitored by the spyware embedded within the counterfeit application. The spyware, identified as Spyrtacus, has been linked to previous incidents involving malicious Android applications that also targeted users under the guise of legitimate services.

In response to this breach, WhatsApp is pursuing legal action against SIO and its subsidiary ASIGINT for creating and distributing the malicious app. This follows a pattern of similar incidents where SIO has been implicated in deploying spyware via counterfeit applications.

Immediate Actions

WhatsApp has taken immediate steps to protect its users by logging them out of the malicious app and sending alerts regarding the risks associated with downloading unofficial clients. Users are strongly encouraged to uninstall any suspicious applications and ensure they are using the official WhatsApp app to maintain their privacy and security.

Context

This incident follows a troubling trend in Italy, where government agencies have been known to collaborate with cellphone providers to distribute phishing links to users. The use of spyware against targeted individuals, including journalists and human rights advocates, has raised significant concerns about privacy and surveillance practices in the country. Just last year, WhatsApp notified around 90 users about being targeted by spyware from Paragon Solutions, highlighting ongoing issues with surveillance technology in Europe.

The use of counterfeit applications to distribute spyware is a growing concern, particularly in regions like Italy where surveillance practices are prevalent. Users must remain vigilant about the apps they install and ensure they are downloading from trusted sources.
