Italian Spyware Firm SIO Linked to Malicious Android Apps Targeting WhatsApp Users

SIO, an Italian spyware company known for selling surveillance tools to government agencies, has been linked to a series of malicious Android apps designed to mimic WhatsApp and other popular services while secretly stealing private data, TechCrunch has revealed.

Late last year, a security researcher provided TechCrunch with three Android apps, alleging they were government spyware used in Italy. 

Upon investigation, Google and cybersecurity firm Lookout confirmed that these apps were indeed spyware. This discovery highlights the expanding landscape of government surveillance, with numerous companies employing varied methods to target individuals.

Italy is already embroiled in a separate spyware scandal involving Israeli firm Paragon, whose sophisticated surveillance tool allegedly targeted journalists and NGO founders. 

In contrast, the SIO-linked spyware campaign relied on a more straightforward approach—disguising malicious Android apps as well-known communication and customer service applications.

Lookout researchers identified the malware as Spyrtacus, a spyware capable of stealing text messages, chats from WhatsApp, Signal, and Facebook Messenger, recording calls, capturing ambient audio and camera images, and extracting contact information. 

Their analysis confirmed that SIO was responsible for creating and distributing Spyrtacus, with samples dating back to 2019. Some variants impersonated apps from Italian telecom providers

[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.