New Delhi: WhatsApp has notified users that advanced spyware was installed on their devices through a rogue copy of its iOS application. After identifying the threat, the company said it has already informed about 200 of the affected users, the majority of them located in Italy. The attack underscores that criminals are turning to social engineering instead of technical weaknesses to breach devices.
According to WhatsApp, the fake app was not distributed through official channels like the App Store. Rather, users were probably fooled into downloading it through phishing links. The company stressed that its official application is safe and that this attack was aimed at people who had installed unofficial versions.
Fake WhatsApp app used as spyware delivery tool
WhatsApp also reported that the malicious app was created to look like a genuine client, with the hidden purpose of installing spyware. According to TechCrunch, the app was connected to an Italian surveillance device company called SIO, which creates surveillance devices used by government agencies.
After installation, the spyware had access to sensitive information, such as messages, contacts, microphone recordings, and camera usage. The malware, identified in earlier Android research as Spyrtacus, operates without the user's knowledge, which makes it very dangerous.
WhatsApp logs out users, urges immediate action
Once the threat was detected, WhatsApp logged the users out of the counterfeit application and sent notifications stating the risks. The notice advised users to uninstall the unauthorised app and install the authorised one from reliable sources.
According to TechCrunch, a WhatsApp spokesperson, Margarita Franklin, said that the security of users is the company's priority. Nevertheless, she declined to reveal more information about the targeted people, including whether journalists or activists were among them.
Legal action planned against spyware firm
WhatsApp also said that it is going to issue a formal legal notice to SIO, requiring the company to cease its malicious actions. The spyware company, which has an alleged subsidiary named ASIGINT, develops monitoring equipment for the police and the intelligence community.
The development adds to growing questions about the abuse of commercial spyware and the firms that manufacture it.
Italy at the centre of recurring spyware cases
This is not the first case of spyware related to Italy. Last year, WhatsApp warned about 90 users, including journalists and pro-immigration activists, that they were being targeted with spyware created by Paragon Solutions, as TechCrunch was first to report. The exposé caused a huge scandal that forced the company to sever its connections with clients in Italy.
Previous cases have also revealed how widely surveillance actors in the region resort to fraudulent apps and phishing links, which are usually facilitated indirectly through telecom channels.
WhatsApp gave assurances that the attack did not use any vulnerability in its platform. Users who downloaded the app only through official stores such as the App Store or Google Play were not harmed.
The company cautioned that criminals usually alter legitimate applications by injecting spyware and subsequently sell them via unofficial markets. They can lure users by citing alleged security problems or by offering additional functions.
The incident is a wake-up call for users not to sideload apps and to be wary of unsolicited links, particularly when invited to install or update an app.