Meta has uncovered and disrupted a targeted spyware campaign that used a fake WhatsApp application to compromise users’ devices.
The operation has been attributed to ASIGINT, an Italian cyber-intelligence firm now facing formal action from the tech giant.
The findings were disclosed yesterday following an internal investigation by Meta’s security team, which identified a malicious client masquerading as the official WhatsApp application. According to statements given by WhatsApp to Italian media outlets, including La Repubblica and ANSA, the campaign relied on social engineering tactics to trick users into installing the trojanized app outside official distribution platforms like Google Play and Apple’s App Store.
Meta said the attackers approached targets with convincing narratives, presenting the spyware-laced application as a legitimate or updated version of WhatsApp. Once installed, the modified client enabled unauthorized access to sensitive data stored on victims’ devices. The company emphasized that the attack did not exploit any vulnerability in WhatsApp itself, and that its end-to-end encryption remains intact for users of the official app.
ASIGINT, the company linked to the operation, is based in Cantù, Italy, and operates under SIO S.p.A., a firm historically involved in lawful interception and surveillance technologies for government use. On its website, ASIGINT describes itself as specializing in the design and deployment of advanced cybersecurity and intelligence solutions, placing it within a controversial segment of the tech industry often associated with spyware development.
Meta’s response included both technical and legal countermeasures. The company proactively identified around 200 affected users, disconnected their accounts from the malicious client, and issued security notifications advising them to remove the software immediately. It also announced plans to send a formal cease-and-desist letter to ASIGINT, signaling potential legal escalation.
La Repubblica
The campaign appears to have been highly targeted rather than widespread, suggesting a deliberate effort to compromise specific individuals rather than indiscriminate mass infection. Meta described the activity as a “limited but focused” social engineering attempt designed to gain persistent access to victims’ smartphones.
This is not the first time ASIGINT has been associated with surveillance malware. In 2025, security researchers uncovered a spyware strain dubbed Spyrtacus, reportedly linked to the same company. That malware was capable of extracting SMS messages and chats from platforms including WhatsApp, Signal, and Facebook Messenger, while also accessing contacts, intercepting calls, activating microphones for ambient recording, and capturing images via the device camera.
Leave a Reply