Security researchers at Lookout, prompted by a discovery by TechCrunch, have confirmed the existence of a spyware called Spyrtacus that hides behind a copy of WhatsApp. This spyware can intercept text messages and messages from WhatsApp, Signal and Messenger, record calls and ambient sounds, and capture images via the phone's camera.
WhatsApp tricked to spy on users in Italy
The real-fake apps are distributed through websites that mimic those of Italian telecom operators like TIM, Vodafone and WINDTRE — or even WhatsApp itself. They can also be offered through phishing campaigns, via text messages or emails, which contain links to these fake websites. Unlike other sophisticated spyware that exploits zero-day vulnerabilities, Spyrtacus relies primarily on social engineering: it tricks users into voluntarily installing a malicious application via fraudulent sites or phishing links.
While Android users are the primary targets, there is also a Windows version, and there are indications that versions exist for iOS and macOS. It is currently unclear who the users targeted by Spyrtacus are. While the Italian government has not confirmed its involvement, several elements indicate quite clearly that Spyrtacus was used by a national surveillance agency: the language of the malware, the nature of the targets, and the profile of SIO, a listed vendor of spyware for the authorities.
SIO, the creator of the spyware, is an Italian company specializing in the sale of spyware to governments. This company is officially listed as an official supplier of a surveillance product or service (SIOAGENT). On the other hand, malicious apps and websites to trap victims are in Italian and they imitate the services of local operators.
When asked, Google assures that current versions of Spyrtacus are not available in the Play Store. However, variants of the malware were found on Google Play in 2018 before the attackers switched to distribution via malicious sites in 2019. Lookout has identified 13 different versions of Spyrtacus in circulation since 2019, the most recent dating from October 2024. Contacted by TechCrunch, neither SIO nor the Italian authorities wished to comment on the case.
WhatsApp users are often targeted by this type of spyware. Earlier this year, the messaging service warned 90 people — journalists and members of civil society — that their smartphone had been infected with spyware.
Source: TechCrunch
0 Comments