{"id":234579,"date":"2026-04-04T02:43:09","date_gmt":"2026-04-04T07:43:09","guid":{"rendered":"https:\/\/lifeboat.com\/blog\/2026\/04\/whatsapp-alerts-200-users-after-fake-ios-app-installed-spyware-italian-firm-faces-action"},"modified":"2026-04-04T02:43:09","modified_gmt":"2026-04-04T07:43:09","slug":"whatsapp-alerts-200-users-after-fake-ios-app-installed-spyware-italian-firm-faces-action","status":"publish","type":"post","link":"https:\/\/lifeboat.com\/blog\/2026\/04\/whatsapp-alerts-200-users-after-fake-ios-app-installed-spyware-italian-firm-faces-action","title":{"rendered":"WhatsApp Alerts 200 Users After Fake iOS App Installed Spyware; Italian Firm Faces Action"},"content":{"rendered":"<p><a class=\"aligncenter blog-photo\" href=\"https:\/\/lifeboat.com\/blog.images\/whatsapp-alerts-200-users-after-fake-ios-app-installed-spyware-italian-firm-faces-action2.jpg\"><\/a><\/p>\n<p>In December 2025, TechCrunch <a href=\"https:\/\/thehackernews.com\/2025\/02\/thn-weekly-recap-from-15b-crypto-heist.html#:~:text=Italian%20Spyware%20Maker%20Linked%20to%20Malicious%20WhatsApp%20Clones\">reported<\/a> that SIO was behind a set of malicious Android apps that masqueraded as WhatsApp and other popular apps but stole private data from a target\u2019s device using a spyware family called Spyrtacus. The apps are believed to have been used by a government customer to target unknown victims in Italy.<\/p>\n<p>SIO is one of the many Italian companies selling surveillance tools, including Cy4Gate, eSurv, GR Sistemi, Negg, Raxir, and RCS Lab, turning the country into a \u201c<a href=\"https:\/\/therecord.media\/how-italy-became-an-unexpected-spyware-hub\">spyware hub<\/a>.\u201d<\/p>\n<p>Early last year, WhatsApp <a href=\"https:\/\/thehackernews.com\/2025\/02\/meta-confirms-zero-click-whatsapp.html\">alerted<\/a> around 90 users that they were targeted with Paragon Solutions\u2019 spyware known as Graphite. Then, in August 2025, it <a href=\"https:\/\/thehackernews.com\/2025\/08\/whatsapp-issues-emergency-update-for.html\">notified<\/a> less than 200 users who may have been targeted as part of a sophisticated campaign by chaining together zero-day vulnerabilities in iOS and the messaging app.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>In December 2025, TechCrunch reported that SIO was behind a set of malicious Android apps that masqueraded as WhatsApp and other popular apps but stole private data from a target\u2019s device using a spyware family called Spyrtacus. The apps are believed to have been used by a government customer to target unknown victims in Italy. [\u2026]<\/p>\n","protected":false},"author":427,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1490,1511],"tags":[],"class_list":["post-234579","post","type-post","status-publish","format-standard","hentry","category-government","category-surveillance"],"_links":{"self":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts\/234579","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/users\/427"}],"replies":[{"embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/comments?post=234579"}],"version-history":[{"count":0,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts\/234579\/revisions"}],"wp:attachment":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/media?parent=234579"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/categories?post=234579"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/tags?post=234579"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}