WhatsApp has warned about 200 users who were tricked into downloading a fake version of the app that installed spyware. This incident adds to the ongoing concerns about commercial surveillance tools in Italy.
The operation was run by ASIGINT, a subsidiary of the northern Italian company SIO. The fake app targeted iPhone users and was presented as an unofficial WhatsApp client.
A fake WhatsApp app became the delivery method
TechCrunch reported that WhatsApp’s security team found about 200 users, mostly in Italy, who may have downloaded the fake app. The company logged these users out, warned them about the risks, and advised them to delete the fake app and use the official version.
WhatsApp spokesperson Margarita Franklin said they could not share more details about the affected users yet, including whether any were journalists or civil society members.
Reuters called the campaign highly targeted and said it used deception to get people to install software pretending to be WhatsApp. The report said the victims were not identified, except that most were in Italy.
This incident stands out not just because of the spyware, but because it was delivered through a focused operation aimed at specific people, rather than a mass spam attack.
WhatsApp points to SIO and its subsidiary ASIGINT
WhatsApp directly linked the operation to ASIGINT, a subsidiary of SIO. SIO’s website advertises high-performance, field-proven cyber intelligence solutions and technology. SIO develops government spyware through ASIGINT and that WhatsApp plans to send a formal legal demand to stop what it calls malicious activity.
Italy’s spyware industry is back under the spotlight
This new case comes as Italy is still dealing with earlier surveillance scandals. This is the second time in 15 months that Meta has stopped spyware activity in Italy, mentioning a 2025 case involving spyware from Paragon.
Last year, WhatsApp warned about 90 users, including journalists and pro-immigration activists, that they had been targeted with spyware from Paragon Solutions. That case led to a wider scandal in Italy.
Fake apps are a common tactic in Italy and are often used in surveillance operations. Sometimes, cellphone providers help by sending phishing links to customers for law enforcement.
This background suggests that WhatsApp’s latest warning is part of a recurring pattern in Italy’s spyware scene, not just a one-time event.
A familiar app icon, a much riskier payload
The main takeaway is that spyware campaigns do not always need advanced zero-click exploits to work. Sometimes, a convincing fake app and a list of targets are enough.
WhatsApp’s choice to notify victims, remove access, and threaten legal action shows the company takes this incident seriously, even without naming those affected.
For users, the message is clear: when surveillance software hides behind a trusted app, it is much easier to fall victim.
