Italian spyware producer SIO, notorious for providing surveillance tools to government entities, has been linked to a series of deceptive malicious Android apps. These apps pose as popular platforms like WhatsApp, aiming to steal private data from unsuspecting users, TechCrunch has exclusively revealed.
In a significant discovery late last year, a security researcher shared three suspicious Android apps with TechCrunch, suspecting them to be government spyware used in Italy against unidentified victims. Upon investigation by Google and mobile security firm Lookout, these apps were confirmed to be spyware.
This revelation highlights the expansive nature of the government spyware industry, both in the number of companies involved and the diverse techniques employed to target individuals.
Recently, Italy has been embroiled in a scandal involving the alleged use of a sophisticated spying tool by Israeli spyware maker Paragon. This spyware, capable of remotely targeting WhatsApp users, was allegedly used against a journalist and NGO founders active in the Mediterranean region.
The analyzed malicious app samples, which were shared with TechCrunch, were developed and distributed to mimic popular apps like WhatsApp, as well as customer support tools offered by cellphone providers. Lookout researchers identified the Android spyware as Spyrtacus, named after code found within an older malware sample.
Spyrtacus exhibits all the characteristics typical of government spyware. It can infiltrate and extract text messages, chats from platforms like Facebook Messenger, Signal, and WhatsApp, contact information, and even record phone calls and ambient sounds through the device’s microphone.
According to Lookout, all samples of the Spyrtacus spyware were traced back to SIO, an Italian company known for supplying spyware to the Italian government. The apps and the websites that distribute them are in Italian, suggesting use by Italian law enforcement agencies.
Neither the Italian government nor SIO responded to TechCrunch's requests for comment. Attempts to contact SIO’s CEO Elio Cattaneo and other executives were also unsuccessful.
Italy has a long history of hosting government spyware companies. SIO joins a list of firms including Cy4Gate, eSurv, and others, whose spyware products have been scrutinized by security researchers for targeting individuals globally.
Lookout discovered command-and-control servers associated with the spyware registered to ASIGINT, a subsidiary of SIO, further implicating SIO in the development and deployment of Spyrtacus.
Despite substantial evidence pointing to SIO, questions remain about the specific government customer involved in deploying Spyrtacus and the identity of its targets. The ongoing investigation continues to shed light on the complex world of government spyware and its impacts on privacy and security.