In a shocking revelation, a TechCrunch exclusive has exposed that SIO, an Italian spyware company, has been secretly deploying malware disguised as WhatsApp and other popular apps to infiltrate devices and steal user data. The spyware, dubbed Spyrtacus, has been linked to Italian government agencies, raising serious privacy and security concerns.
How the Spyware Operates?
Security experts at Lookout and Google discovered that Spyrtacus operates by covertly embedding itself in fake apps that, once installed, grant hackers access to:
- Private messages from WhatsApp, Signal, and Facebook Messenger.
- Contacts and personal details stored on the device.
- Live call recordings and ambient audio via the microphone.
- Photos and videos captured through the device’s camera.
Who Is Behind Spyrtacus?
Lookout researchers traced Spyrtacus back to SIO, an Italian spyware vendor allegedly supplying Italian law enforcement agencies. The malware was distributed through fraudulent websites impersonating popular Italian telecom providers TIM, Vodafone, and WINDTRE.
Timeline:
- 2018: Spyware first infiltrated Google Play.
- 2019: SIO shifted to distributing malware through fake telecom websites.
- 2020-2022: Multiple versions of Spyrtacus were uncovered in the wild.
- 2024: The latest sample was detected on October 17, 2024.
Was It on Google Play?
Google has confirmed that no current apps with Spyrtacus exist on Google Play, and protections against this malware have been in place since 2022. However, cybersecurity firm Kaspersky revealed that older versions of the spyware were previously available on Google Play until 2019, before switching to direct downloads from fraudulent sites.
Kaspersky’s findings indicate that Windows, macOS, and iOS versions of Spyrtacus may exist, potentially expanding the spyware’s reach far beyond Android devices.
Despite the severity of these revelations, neither the Italian government nor the Ministry of Justice has responded to requests for comments on their alleged use of Spyrtacus.
