Mehta-owned messaging platform WhatsApp said it has alerted about 200 users who were tricked into installing a fake version of an iOS app infected with spyware.
Most of the targets are in Italy, according to reports from Italian newspaper La Repubblica and news agency ANSA. The attackers behind this activity are credited with using social engineering tactics to trick users into installing malicious software that mimics WhatsApp.
All affected users are logged out and advised to uninstall the malware-infected app and download the official WhatsApp app. WhatsApp has not disclosed who was targeted in these attacks.
The tech giant said it would also take action against Asigint, the Italian subsidiary of spyware company SIO, for allegedly creating a counterfeit version of WhatsApp.
On its website, the company promotes solutions for law enforcement, government, police, and intelligence agencies to monitor suspect activity, gather intelligence, and conduct covert operations.
In December 2025, TechCrunch reported that SIO was behind a series of malicious Android apps that used a spyware family called Spyrtacus to steal personal data from targeted devices while masquerading as WhatsApp and other popular apps. These apps are believed to have been used by government customers to target unknown victims in Italy.
SIO is one of a number of Italian companies selling surveillance tools such as Cy4Gate, eSurv, GR Sistemi, Negg, Raxir and RCS Lab, turning Italy into a “spyware hub”.
Early last year, WhatsApp warned about 90 users that they were being targeted by Paragon Solutions’ spyware known as Graphite. Then, in August 2025, we notified fewer than 200 users who may have been targeted as part of a sophisticated campaign that linked zero-day vulnerabilities in iOS and messaging apps.
The development comes more than a month after a Greek court sentenced Intellexa Consortium founder Tal Dilian and three of his collaborators Sara Hamou, Felix Bitzios and Yiannis Lavranos to prison for their role in the illegal use of the vendor’s Predator spyware to target politicians, business leaders and journalists in the country.
In the wake of the 2022 surveillance scandal known as Predatorgate or Greek Watergate, the European Parliament launched a formal investigation into the use of such tools. However, a new law passed that year legalized government use under strict conditions. In July 2024, the Greek Supreme Court cleared the National Intelligence Service and government officials of any wrongdoing.
“The role of the Greek government, which has consistently denied purchasing or using Predators, remains questionable,” Amnesty International said. “Transparency is an important part of accountability, as well as redress for the many victims of human rights violations brought about by the illegal use of this technology.”
In a statement shared with Reuters late last month, Dillian said he intended to appeal the verdict, adding: “I don’t think a conviction without evidence is justice. It could be part of a cover-up and even a crime.”
Italy and Greece are not the only European countries targeted by spyware technology. Back in January 2026, Spain’s High Court closed an investigation into the use of NSO Group’s Pegasus to spy on Spanish politicians, citing a lack of cooperation from Israeli authorities.
The incident dates back to May 2022, when the Spanish government revealed that spyware from an Israeli company was used to eavesdrop on equipment belonging to Prime Minister Pedro Sánchez and Defense Minister Margarita Robles.
Companies like Intellexa and NSO Group have consistently maintained that their surveillance technology is licensed to governments only for the purpose of combating serious crime and enhancing national security. NSO Group Executive Chairman David Friedman said the company’s tools “in the right hands, in the right countries” would “make the world a safer place.”
Source link
