Around 200 users worldwide were scammed by an Italian surveillance firm ASIGINT that created a fake version of WhatsApp with spyware, which will monitor users. WhatsApp’s parent company, Meta Platforms, received intel on the operation and campaigns and identifications that the attackers were using deception to trap users. Most targeted users by attackers were from Italy.
Key Takeaways:
- The Italian company SIO’s subsidiary ASIGINT built a counterfeit app on WhatsApp to track user behavior.
- Some 200 users were targeted in this surveillance operation, most of them in Italy.
- The counterfeit app intended to capture personal and private data instead of providing the legitimate app.
- For the second time in 15 months, Meta has blocked Italian firms’ spyware activities.
- The Google Play and Apple App Store listings are the only locations users should obtain these apps.
ASIGINT is a part of SIO, a company located in Northern Italy. On their website, SIO claims to offer cyber intelligence solutions for law enforcement, governmental, and intelligence agency customers. According to WhatsApp, this particular campaign was highly targeted, meaning that the attackers focused on specific individuals, not the general public. The surveillance company used a counterfeit version of the application, which enabled them to monitor communications and other sensitive information on the affected devices.
The case illustrates a trend in which private entities create and commercialize mechanisms to monitor the usage of mobile phones. Recently, this has been the second major case in Italy. In early 2025, Meta blocked yet another surveillance operation that utilized spyware from a US-based company, Paragon. After that event, Italy terminated its partnership with Paragon. The current case with ASIGINT demonstrates that the market for surveillance remains alive.
The Italian Ministry of the Interior and local law enforcement agencies have not commented specifically on the report. SIO has not responded to inquiries about the activities of its associated company. Although the current victims are predominantly located in Italy, the techniques associated with app spoofing and the dissemination of spyware remain a perennial threat.
For Indian users, the information above serves to inform them about the dangers of downloading apps from unreliable sites. Many users of WhatsApp are familiar with the “Pro” or “Golden” editions of the app and have downloaded them. These applications are and may contain malware that tracks location, reads privileged conversations, and monitors calls.
Account security requires the most careful use of WhatsApp. Therefore, downloading the app and updates from unreliable sources is highly discouraged. The Play Store or the App Store implement security updates to counter the most common (known) attacks. Ignoring update requests from outside the official app store is, therefore, highly encouraged.
Frequently Asked Questions
Q1: What is ASIGINT?
A1: ASIGINT is an Italian technology company that focuses on cyber intelligence. It is owned by SIO, a firm that sells surveillance tools to law enforcement and government agencies.
Q2: How did the spyware get onto phones?
A2: The attackers used a fake version of WhatsApp. They tricked users into downloading this “bogus” app, which looked like the real one but contained malicious code to monitor the device.
Q3: Are WhatsApp users in India at risk from this firm?
A3: The report says the current campaign primarily targeted people in Italy. However, the method of using fake apps can be used anywhere. Users in India should avoid downloading WhatsApp from unofficial websites.
Q4: How can I tell if my WhatsApp is official?
A4: The official WhatsApp app is published by WhatsApp LLC or Meta on the Google Play Store and Apple App Store. If you downloaded the app from a website or a third-party store, it might be a fake version
