WhatsApp Notifies Hundreds of Users Who Installed a Fake App That Was Actually Government Spyware

WhatsApp has warned 200 users targeted by a fake, spyware-infected app linked to an Italian government surveillance firm. Here is what you need to know.
Matilda

WhatsApp Spyware Alert: 200 Users Secretly Targeted by a Fake App — Are You Safe?

WhatsApp has confirmed that around 200 users were tricked into installing a fake, spyware-infected version of the app on their iPhones. The malicious app was allegedly created by an Italian government spyware firm. If you downloaded WhatsApp from anywhere other than the official App Store, your privacy may have been compromised. Here is everything you need to know, and what you should do right now.


The Fake WhatsApp App That Stole Private Data

Most people trust that the apps on their phones are exactly what they claim to be. That trust was shattered for hundreds of users in Italy who unknowingly installed a counterfeit version of WhatsApp — one secretly engineered to spy on everything they did inside it.

WhatsApp's security team proactively identified approximately 200 users who they believe downloaded this malicious unofficial client. The company moved quickly, logging those users out of the app, alerting them to the privacy and security risks they faced, and urging them to immediately delete the fake version and reinstall the official app.

This was not a random cybercriminal operation. WhatsApp has accused Italian spyware maker SIO of being responsible for building the fraudulent application. SIO is a private company that develops surveillance technology for government clients, and this is far from the first time it has appeared in a major spyware scandal.

Who Is SIO — And Why Should You Be Worried?

SIO is an Italian firm that operates in the shadowy world of government-grade surveillance software. It develops its spyware through a subsidiary known as ASIGINT, and its tools have been marketed to law enforcement and intelligence agencies.

The spyware embedded inside the fake WhatsApp app has been identified under the name Spyrtacus — a word that appeared directly inside the spyware's own code. This same spyware had previously been found in a series of fake Android apps, including counterfeit versions of WhatsApp and fraudulent customer support tools designed to mimic the branding of major cellphone providers.

In other words, SIO has built a pattern of using trusted, everyday app identities as a delivery mechanism for surveillance tools. The goal is straightforward: fool the target into installing something that looks harmless while giving an outside party full access to their private communications.

How Fake Spyware Apps Are Delivered to Targets

Understanding how these fake apps reach ordinary people's phones is critical to protecting yourself. The method used in Italy is a well-documented tactic in government surveillance operations. Targets typically receive phishing links — messages that appear to come from a trusted source, such as their mobile carrier — directing them to download what looks like a legitimate application update or support tool.

Italian authorities have historically relied on the collaboration of cellphone providers in this process: the providers send these deceptive links to customers on behalf of law enforcement agencies. The target clicks the link, installs what they believe is an official app, and unknowingly hands over access to their device.

This technique is especially dangerous because it exploits institutional trust. When a message appears to come from your network provider or a platform you use every day like WhatsApp, your guard naturally drops. That is precisely what these operations count on.

WhatsApp Is Fighting Back — And Taking Legal Action

WhatsApp has not stayed silent. Beyond notifying affected users, the company announced it plans to send a formal legal demand to SIO, ordering the firm to stop all such malicious activity immediately. This marks a significant escalation — a major tech platform directly confronting a government spyware company in the legal arena.

WhatsApp's move echoes a similar stand it took roughly a year earlier, when it notified approximately 90 users that they had been targeted with spyware developed by Paragon Solutions, a surveillance technology company with ties to both the United States and Israel. Those victims included journalists and pro-immigration activists in Italy. The scandal that followed was enormous, ultimately leading Paragon to sever its ties with Italian intelligence agencies that had been its paying customers.

That precedent matters. It shows that public pressure and legal challenges from technology companies can produce real consequences, even in the murky world of government surveillance tools.

Why Journalists and Activists Are at Highest Risk

It is important to note the profile of people typically targeted in these kinds of operations. While WhatsApp has not yet confirmed the identities or professions of the roughly 200 users it recently notified, previous spyware campaigns in Italy disproportionately affected journalists, civil society workers, lawyers, and political activists.

These are individuals whose communications are of strategic value to government actors. A journalist investigating state corruption, an activist organizing opposition to a policy, or a defense lawyer handling a sensitive criminal case — all represent high-value targets for surveillance operations that have both the resources and the legal cover to deploy commercial spyware.

For ordinary users, the risk is lower, but not zero. Spyware campaigns can be broad in their initial reach even when their targets are specific. Anyone who received a suspicious link from what appeared to be their mobile carrier in Italy during this period should take immediate action.

What You Should Do Right Now to Protect Yourself

If there is any chance you may have downloaded an unofficial version of WhatsApp — whether from a link sent via text message, a third-party website, or any source other than the official App Store or Google Play Store — here is what to do immediately.

First, delete any version of WhatsApp you are uncertain about. Second, go directly to the official App Store on your iPhone or Google Play Store on Android, search for WhatsApp, and install it from there only. Third, review any permissions the app has on your device and revoke anything that seems excessive, such as access to your microphone, camera, or location when not in use.

If you were among those notified by WhatsApp directly, follow every instruction in that notification without delay. Change passwords on accounts you accessed from that device, and consider running a full security review of your phone.

Government Spyware Is a Growing Threat

What this story reveals is not just a single bad actor — it reflects a broader, accelerating trend. The commercial spyware industry has grown significantly over the past decade, with dozens of private firms now selling powerful surveillance tools to governments around the world. These tools, once the exclusive domain of national intelligence agencies, are now available for purchase by police departments, immigration enforcement bodies, and other institutions with far less oversight.

The result is a surveillance landscape where private citizens, journalists, activists, and lawyers face a real and present threat to their digital privacy. And because the tools are sold commercially rather than developed in-house by governments, accountability is harder to establish and legal challenges are more complex.

WhatsApp's decision to proactively identify affected users, notify them, and pursue legal action against SIO is a meaningful and necessary response. But it also underscores a disturbing reality: in 2026, simply downloading a messaging app carries privacy risks that most people never imagined.

Your Digital Safety Starts With Where You Download

The line between a safe app and a surveillance weapon can be invisible to the naked eye. As government spyware makers grow more sophisticated in how they disguise malicious software, the single most powerful defense any user has is discipline about their download sources.

Only ever install apps from official, verified app stores. Never click download links sent via text message or email, even if the sender appears legitimate. And when a company like WhatsApp reaches out to warn you — take it seriously immediately.

Privacy is not just a technical issue anymore. It is a personal safety issue. And in Italy, as this case proves, it can be a matter of who is listening to your most private conversations without you ever knowing.
