Roughly 200 WhatsApp users have been notified that they were tricked into downloading a fake version of the chat program's iOS application that contained spyware.
According to Italian media reports from La Repubblica and ANSA, the vast majority of the victims are located in Italy. The attackers used social engineering tactics to convince targets to download and install the bogus app, which closely mimicked the legitimate WhatsApp application.
All affected users have been logged out of their accounts. WhatsApp is advising them to immediately uninstall the malicious app and download the official version from the Apple App Store. The company has not disclosed specific details about the individuals targeted.
WhatsApp stated it is taking legal action against Asigint, an Italian subsidiary of the spyware vendor SIO. The company openly advertises surveillance solutions to law enforcement, police, and intelligence agencies for monitoring suspects and gathering intelligence.
SIO has previously been associated with fraudulent mobile applications. In December 2025, TechCrunch reported that the firm was behind a set of malicious Android apps disguised as WhatsApp and other popular services. Those apps reportedly delivered a spyware family called Spyrtacus and were allegedly used by a government customer to target victims in Italy.
Italy has become something of a “spyware hub” in Europe, home to multiple companies, including Cy4Gate, eSurv, GR Sistemi, Negg, Raxir, and RCS Lab — that develop and sell surveillance tools.
Recent Alerts of WhatsApp Spyware
The recent warning from WhatsApp forms part of a continuing series of spyware alerts in previous years:
1. Jan 2025: almost 90 of their users were warned about targeted spyware (Graphite) from Paragon Solutions.
2. Aug 2025: Less than 200 users received notice of an extensive sophisticated spyware operation using several (up to 8) zero-day vulnerabilities in IoS and WhatsApp.
Wider European Context
The issues are consistent with worries about misuse of commercial spyware across Europe. Just last month a Greek court found Tal Dilian (founder of the Intellexa Consortium) and 3 associates guilty of committing multiple criminal acts in the implementation of Predator spyware against journalists, politicians, and business leaders. This is sometimes referred to as Predatorgate or Greek Watergate.
Amnesty International continues to call for the need for more transparency and accountability of law enforcement agencies who have illegally surveilled citizens as many victims lack proper remedies.
In Spain, the investigation about the use of NSO Group's Pegasus spyware against PM Pedro Sánchez and Defense Minister Margarita Robles was closed in January 2026 due to lack of co-operation from Israeli authorities.
NSO Group and Intellexa state that their products are sold exclusively to government agencies in order to combat serious and terrorist crimes, and that such products will be used responsibly by their customers. However, the WhatsApp incident illustrates how much spyware vendors and their government customers can violate the public's confidence in popular messaging applications. Therefore, for those who operate in high-risk environments, including journalists, activists, or government officials, it is critical that they exercise due diligence when installing or updating applications.
If you receive a WhatsApp notification about any virtual or fictitious application installation, please refer to their recommendations, which advise you to remove this application immediately and only to reinstall from the Apple App Store or Google Play Store.
Source: The Hacker News
