WhatsApp warns users of fake app used to distribute spyware

WhatsApp said Wednesday that it has alerted about 200 users that they were duped into installing a dummy version of the app that was infected with spyware.

The Meta subsidiary alleges that Italy’s SIO spyware manufacturer designed the phony app specifically for iPhones. Most of the impacted users are in Italy, according to a WhatsApp announcement.

“We assess that the threat actors behind this malicious client used social engineering tactics to trick people outside of our app into downloading their malicious software masquerading as WhatsApp,” the announcement said.

“We want to be clear: this was not a WhatsApp vulnerability – end-to-end encryption continues to protect communications of people who are using WhatsApp's official apps.”

WhatsApp has logged out the 200 affected users and alerted them to the “risks to their privacy and security that come with downloading fake unofficial clients, and encouraged them to remove it and download the official WhatsApp app,” the announcement said.

The messaging app said its security team “proactively” identified the dummy app and blamed the SIO subsidiary ASIGINT for creating it.

SIO says on its website that it is a “partner” of law enforcement, government organizations and police and intelligence agencies.

WhatsApp said the social engineering tactics used were “highly targeted,” but a spokesperson did not elaborate on who the victims were.

The news was first reported by the Italian newspaper La Repubblica.

SIO and Apple did not immediately respond to requests for comment.

SIO has been accused of similar tactics in the past. TechCrunch reported last year that SIO had created several Android apps infected with spyware.

Last January, WhatsApp said it had notified about 90 users that they were targeted with Paragon Solutions’ spyware known as Graphite. Several of the known victims of that targeting are journalists and human rights defenders.

Paragon ended its contract with Italy after the government refused to let it independently verify that authorities there did not use the spyware to infect a prominent journalist’s phone.

WhatsApp also sued spyware maker NSO Group in 2019 for allegedly using its platform as a vector to target about 1,400 users with its Pegasus tool. 

In December 2024, a Northern California federal judge found NSO liable for targeting the WhatsApp users with spyware.