Beware! WhatsApp Warns Of Fake App Laced With Spyware, Warns 200 Users

Meta has issued security alerts to nearly 200 iPhone and Android users after discovering they had been tricked into downloading a malicious, spyware-laced imitation of WhatsApp, with the trail leading back to an Italian surveillance company.

According to ANSA, Italy's national news agency, Meta issued warnings to approximately 200 iPhone and Android users, the majority of them Italian, who fell victim to a social engineering attack that led them to install a counterfeit version of WhatsApp. The bogus application was designed to mimic the real messaging platform while secretly compromising users' devices.

WhatsApp moved swiftly once the threat was identified. The company's security team logged the affected users out of their accounts and sent them direct warnings about the privacy and security risks they faced. In a statement to ANSA, WhatsApp said it believed the incident was "a social engineering attempt targeting a limited number of users, aimed at convincing them to install malicious software that mimicked WhatsApp, likely to gain access to their devices."

WhatsApp has taken action against Asigint

WhatsApp confirmed it has taken action against Italian spyware firm Asigint, which is controlled by Sio Spa and is believed to be responsible for the attack. The case marks a significant escalation in scrutiny of commercial spyware operators, putting an Italian company squarely in the spotlight alongside previously exposed surveillance vendors.

The fake application was not distributed through official channels such as the Google Play Store or Apple's App Store, but through third-party channels that are less tightly controlled. The precise distribution method, whether through older certificate-based installs or newer sideloading avenues opened up by digital market regulations, remains unclear.

WhatsApp was categorical that its own platform was not compromised. The company stressed that the incident did not involve any vulnerability in WhatsApp itself, but was instead the result of users being manipulated into installing an unofficial, malicious client. No details about the identities of victims, or what data may have been accessed, have been made public.