BREAKINGON

Italian Spyware Masquerading as WhatsApp Apps Stealing Private Data

2/13/2025
Discover how Italian spyware maker SIO is behind malicious Android apps posing as WhatsApp and stealing private data. Learn about the surveillance techniques used and the ongoing spying scandal in Italy.
Italian Spyware Masquerading as WhatsApp Apps Stealing Private Data
Learn how Italian spyware from SIO targets users by masquerading as popular apps like WhatsApp, stealing private data. Uncover the surveillance tactics used by government agencies in an ongoing spying scandal.

Italian Spyware Maker SIO Implicated in Malicious Android Apps Targeting Users

Italian spyware producer SIO, notorious for providing surveillance tools to government entities, has been linked to a series of deceptive malicious Android apps. These apps pose as popular platforms like WhatsApp, aiming to steal private data from unsuspecting users, TechCrunch has exclusively revealed.

Discovery and Analysis of Spyware

In a significant discovery late last year, a security researcher shared three suspicious Android apps with TechCrunch, suspecting them to be government spyware used in Italy against unidentified victims. Upon investigation by Google and mobile security firm Lookout, these apps were confirmed to be spyware.

This revelation highlights the expansive nature of the government spyware industry, both in the number of companies involved and the diverse techniques employed to target individuals.

Italy’s Ongoing Spyware Scandal

Recently, Italy has been embroiled in a scandal involving the alleged use of a sophisticated spying tool by Israeli spyware maker Paragon. This spyware, capable of remotely targeting WhatsApp users, was allegedly used against a journalist and NGO founders active in the Mediterranean region.

Details of the Malicious Apps

The malicious app samples analyzed, shared with TechCrunch, were developed and distributed to mimic popular apps like WhatsApp and customer support tools offered by cellphone providers. Lookout researchers identified the Android spyware as Spyrtacus, named after a code found within an older malware sample.

Spyrtacus exhibits all the characteristics typical of government spyware. It can infiltrate and extract text messages, chats from platforms like Facebook Messenger, Signal, and WhatsApp, contact information, and even record phone calls and ambient sounds through the device’s microphone.

SIO’s Role and Lack of Response

According to Lookout, all samples of the Spyrtacus spyware were traced back to SIO, an Italian company known for supplying spyware to the Italian government. The apps and distribution websites utilize the Italian language, suggesting usage by Italian law enforcement agencies.

Neither the Italian government nor SIO responded to TechCrunch's requests for comments. Attempts to contact SIO’s CEO Elio Cattaneo and other executives were also unsuccessful.

Historical Context and Implications

Italy has a long history of hosting government spyware companies. SIO joins a list of firms including Cy4Gate, eSurv, and others, whose spyware products have been scrutinized by security researchers for targeting individuals globally.

Lookout discovered command-and-control servers associated with the spyware registered to ASIGINT, a subsidiary of SIO, further implicating SIO in the development and deployment of Spyrtacus.

Unanswered Questions and Future Implications

Despite substantial evidence pointing to SIO, questions remain about the specific government customer involved in deploying Spyrtacus and the identity of its targets. The ongoing investigation continues to shed light on the complex world of government spyware and its impacts on privacy and security.

Breakingon.com is an independent news platform that delivers the latest news, trends, and analyses quickly and objectively. We gather and present the most important developments from around the world and local sources with accuracy and reliability. Our goal is to provide our readers with factual, unbiased, and comprehensive news content, making information easily accessible. Stay informed with us!
© Copyright 2025 BreakingOn. All rights reserved.