WhatsApp has notified approximately 200 users — primarily in Italy — that they were tricked into installing a fake version of the messaging app containing government spyware, as reported by TechCrunch. The company has attributed the malicious app to Italian surveillance firm SIO and indicated it plans to pursue legal action.
What happened
WhatsApp said its security team proactively discovered that users had downloaded a malicious unofficial iOS client built by SIO, an Italian company that develops government spyware through its subsidiary ASIGINT. The company logged out affected users, warned them about privacy risks, and urged them to delete the fake app and reinstall the official version.
A WhatsApp spokesperson said the company could not yet share whether those targeted were journalists or civil society members, stating that the priority has been protecting affected users. WhatsApp also announced plans to send a formal legal demand to SIO.
A familiar playbook
The incident is the latest in a pattern of fake app-based surveillance operations linked to Italian authorities. TechCrunch previously revealed that SIO was behind a series of malicious Android apps containing spyware dubbed Spyrtacus, including fake customer support tools for cellphone providers. Italian authorities have frequently relied on cooperation from mobile carriers, who send phishing links to customers on behalf of law enforcement.
Italian newspaper La Repubblica and news agency ANSA first reported the story.
Italy’s recurring surveillance scandals
This disclosure arrives roughly a year after WhatsApp alerted users that they had been targeted by spyware made by U.S.-Israeli firm Paragon Solutions. Those notifications were sent to journalists and pro-immigration activists in Italy, triggering a significant political scandal that led Paragon to sever its contracts with Italy’s intelligence agencies.
The recurrence is notable. Two separate commercial spyware vendors, two different technical approaches, the same country — and, critically, the same institutional infrastructure enabling deployment. As Silicon Canals has previously covered, government surveillance tools have a pattern of operating beyond their intended scope.
The structural picture
Italy’s position as a recurring epicentre of commercial spyware abuse is not accidental — it is the predictable output of specific institutional conditions. The country maintains one of Europe’s most permissive legal frameworks for lawful interception, with Italian prosecutors historically granted broad authority to deploy surveillance tools during investigations. That legal latitude, combined with a fragmented oversight structure where judicial authorisation often occurs at the local level with minimal centralised review, creates an environment where spyware vendors face few meaningful checks on how their products are used.
SIO’s own website makes the commercial logic explicit: the company works with law enforcement agencies, government organizations, police, and intelligence agencies. But the deeper problem is the supply chain that enables distribution. When telecom carriers cooperate with law enforcement to push phishing links directly to customers, and when app stores fail to catch weaponised clones of popular software, surveillance capabilities become embedded within the everyday systems people trust most. The vendor doesn’t need to compromise a device through a sophisticated zero-day exploit — they just need a convincing-looking app and a cooperative carrier.
This is what makes the Italian case structurally instructive beyond its borders. The Paragon scandal last year demonstrated that severing a single vendor’s contract does nothing to disrupt the underlying demand. Italian agencies simply turned to a domestic supplier with a different product. The market replaces vendors faster than regulators or courts can sanction them, because the institutional incentives — prosecutorial demand for surveillance tools, a profitable vendor ecosystem, and fragmented judicial oversight — remain intact regardless of which company fills the contract.
Apple and SIO did not respond to requests for comment. WhatsApp’s legal threat against SIO marks another front in Meta’s broader campaign against the commercial spyware industry, following its lawsuit against NSO Group. But the evidence from Italy suggests that litigation alone, no matter how aggressive, functions primarily as a tax on individual vendors rather than a constraint on the market itself. Until the institutional conditions that generate demand — permissive legal frameworks, fragmented oversight, and cooperative telecom infrastructure — are reformed at the regulatory level, we should expect the next Italian surveillance scandal to arrive on roughly the same schedule as the last two.
Feature image by RDNE Stock project on Pexels
