Meta Warns 200 iPhone Users in Italy After Fake WhatsApp App Installs Government-Grade Spyware
Nairobi, 2 April 2026
Meta has alerted approximately 200 users, primarily in Italy, who downloaded a malicious fake WhatsApp application containing sophisticated spyware on 31 March 2026. The fraudulent app, created by Italian surveillance firm Asigint, was distributed outside official app stores and granted attackers complete access to victims’ devices, including private messages, contacts, and camera data. WhatsApp immediately logged out affected users and is pursuing legal action against the spyware manufacturer, marking the second major surveillance operation disrupted in Italy within 15 months.
The Surveillance Operation Uncovered
The fake WhatsApp application was designed to conduct highly targeted surveillance operations against specific individuals [1]. According to WhatsApp’s investigation, the malicious software impersonated the legitimate messaging platform and was distributed through what the company described as ‘less controlled third party channels’ rather than official app stores [2]. The spyware, previously identified as ‘Spyrtacus’ in security investigations, possessed extensive capabilities including access to private messages, contacts, microphone recordings, and camera data [3]. WhatsApp spokesperson Margarita Franklin emphasised that ‘protecting affected users has been always a priority’ following the discovery of this sophisticated attack [3].
Italian Surveillance Firm Behind the Attack
WhatsApp identified the Italian surveillance company ASIGINT, a subsidiary of SIO, as the entity responsible for the malicious campaign [1]. SIO describes itself on its website as offering ‘high-performance, field-proven cyber intelligence solutions and technology’ and states that it works with ‘Law Enforcement Agencies, Government Organizations, Police and Intelligence Agencies’ [1]. The company did not immediately respond to Reuters’ requests for comment regarding the spyware operation [1]. WhatsApp has announced plans to send a formal legal demand to SIO, requiring the Italian spyware manufacturer to cease all malicious activity targeting its users [3].
Pattern of Surveillance Activities in Italy
This incident represents the second major surveillance operation that Meta has publicly disrupted in Italy within a 15-month period [1]. In 2025, Meta had previously taken action against spyware activity in the country, and Italy continues to deal with fallout from an earlier surveillance operation involving spyware from US-owned company Paragon [1]. Around March 2025, WhatsApp alerted approximately 90 users, including journalists and pro-immigration activists, about spyware developed by Paragon Solutions, a US-Israeli company [3]. Italy and Paragon have since ended their business relationship following these revelations [1].
How to Protect Yourself from Fake Apps
WhatsApp has issued clear guidance for users to protect themselves from similar attacks in the future. The company strongly advises users to download applications only from official sources such as the Apple App Store, TestFlight, or Google Play Store [3]. Users should verify the authenticity of apps before installing them and be particularly cautious of messaging apps downloaded from unofficial channels [1]. WhatsApp confirmed that this attack did not exploit any vulnerability in its official platform, emphasising that the threat came entirely from the fraudulent application distributed outside legitimate app stores [2]. Users who may have downloaded suspicious messaging applications should immediately delete them and reinstall the official WhatsApp version from authorised app stores [3].