A new investigation has revealed that SIO, an Italian spyware company, has been distributing malicious Android apps that masquerade as popular apps like WhatsApp.
These apps, designed to steal private data, are believed to have been used by government agencies, potentially for surveillance purposes.
Key Findings in the Spyware Discovery
Spyrtacus Spyware: The malicious apps contain spyware known as Spyrtacus, which can steal text messages as well as chats from messaging platforms like WhatsApp, Facebook Messenger, and Signal. It can also record phone calls, capture photos, and even record ambient audio via the device’s microphone.
Targeting Technique: Rather than exploiting vulnerabilities remotely, as more sophisticated spyware does, SIO developed fake apps that posed as legitimate services, such as WhatsApp and customer support tools for telecom providers. These apps were hosted on fake websites that resembled those of Italian telecom companies.
Government Connection: The spyware is linked to Italian law enforcement, as some of the apps and websites used to distribute the spyware were in Italian. However, the specific targets of the malware remain unclear.
Prolonged Distribution: The Spyrtacus malware has been active since at least 2019, with 13 different versions found in the wild. Initially distributed via Google Play, the apps later moved to malicious websites to avoid detection.
SIO’s Background: SIO is part of a long history of Italian companies known for developing spyware for government clients. These companies, like Hacking Team, Cy4Gate, and RCS Lab, have sold surveillance tools worldwide, often to law enforcement and intelligence agencies.
While Spyrtacus has not been found on Google Play recently, experts urge users to be cautious and to ensure their devices are secure from malicious apps.
The full extent of the spyware’s use and the identities of the government clients behind it remain under investigation.