Meta has issued warnings to hundreds of users after it discovered a malicious version of the WhatsApp chat app was being distributed by an Italian spyware maker.
The Italian group SIO is said to be behind the app which was being used to target iPhone users – although it did not make its way into the official App Store. The fake app was primarily targeting users in Italy, although not exclusively.
As reported by WABetaInfo, the SIO group is a well-known maker of spyware which often produces surveillance tools for intelligence agencies and law enforcement. While the scope of this particular attack was relatively small, there was potential for it to be much more serious and wide-reaching.
In a statement provided to TechCrunch, WhatsApp says:
Our security team proactively identified around 200 users primarily in Italy who we believe may have downloaded this malicious unofficial client. We have logged them out, alerted [them] to the risks to their privacy and security that come with downloading fake unofficial clients, and encouraged them to remove it and download the official WhatsApp app.
WABetaInfo explains how Meta responded to the discovery of the malicious app:
Once the spyware was identified, WhatsApp immediately informed affected users that they were using an unofficial app. WhatsApp has already logged out all identified users from the fake application, and the notification contained information about the privacy and security risks associated with downloading unofficial clients. In the same alert, WhatsApp strongly encouraged these users to remove the malicious app and reinstall the official WhatsApp version from the App Store.
There is much that remains unknown about this incident. While the number and location of those targetted is known, Meta has not shared much in the way of detail about the victim. It is not known, for instance, if this is a general spyware campaign, or one that was designed to target particualr types of user such a journalists or government officials.
What the incident highlights, however, is rthe importance of installing apps from official sources to help minimize the risk of acquriing a malicious versoin of a popualr title.
