Meta-owned messaging platform WhatsApp said it alerted about 200 users who were tricked into installing a bogus version of its iOS app that was infected with spyware.
According to reports from Italian newspaper La Repubblica and news agency ANSA, the vast majority of the targets are located in Italy. It’s assessed that the threat actors behind the activity used social engineering tactics to get users to install malicious software that mimicked WhatsApp.
All the affected users have been logged out and have been recommended to uninstall the malware-laced apps and download the official WhatsApp app. WhatsApp did not reveal who was targeted in these attacks.
The tech giant said it’s also taking action against Asigint, an Italian subsidiary of spyware company SIO, for allegedly creating a counterfeit version of WhatsApp.
On its website, the company advertises solutions to law enforcement agencies, government organizations, and police and intelligence agencies for monitoring suspect activities, gathering intelligence, or conducting covert operations.
In December 2025, TechCrunch reported that SIO was behind a set of malicious Android apps that masqueraded as WhatsApp and other popular apps but stole private data from a target’s device using a spyware family called Spyrtacus. The apps are believed to have been used by a government customer to target unknown victims in Italy.
SIO is one of the many Italian companies selling surveillance tools, including Cy4Gate, eSurv, GR Sistemi, Negg, Raxir, and RCS Lab, turning the country into a “spyware hub.”
Early last year, WhatsApp alerted around 90 users that they were targeted with Paragon Solutions’ spyware known as Graphite. Then, in August 2025, it notified less than 200 users who may have been targeted as part of a sophisticated campaign by chaining together zero-day vulnerabilities in iOS and the messaging app.
The development comes a little over a month after a Greek court sentenced Tal Dilian, the founder of the Intellexa Consortium, and three associates, Sara Hamou, Felix Bitzios, and Yiannis Lavranos, to prison for their role in the illegal use of the vendor’s Predator spyware to target politicians, business leaders, and journalists in the country.
The 2022 surveillance scandal, dubbed Predatorgate or Greek Watergate, prompted the European Parliament to launch a formal inquiry into the use of such tools. However, a new law passed that year has since legalized government use under strict conditions. In July 2024, the Greek Supreme Court cleared the state intelligence service and government officials of wrongdoing.
“Questions remain about the role of the Greek government, which has consistently denied purchasing or using Predator,” Amnesty International said. “Transparency is a crucial part of accountability – as is remedy for the many victims of the human rights violations brought about by the unlawful use of this technology.”
In a statement shared with Reuters late last month, Dilian said he intends to appeal the decision, adding, “I believe a conviction without evidence is not justice, it could be part of a cover-up and even a crime.”
Italy and Greece are far from the only European countries to be caught in the spyware technology’s crosshairs. Back in January 2026, Spain’s High Court closed its probe into the use of NSO Group’s Pegasus to spy on Spanish politicians, citing a lack of cooperation from Israeli authorities.
The case dates to May 2022, when the Spanish government disclosed that the Israeli company’s spyware had been used to eavesdrop on devices belonging to Prime Minister Pedro Sánchez and Defence Minister Margarita Robles.
Companies like Intellexa and NSO Group have consistently maintained that their surveillance technology has only been licensed to governments to fight serious crimes and bolster national security. NSO Group’s Executive Chairman David Friedman said the “world is a far safer place” when the company’s tools “are in the right hands within the right countries.”