Italian firm SIO exposed for deploying malicious WhatsApp-like spyware

Italian spyware manufacturer SIO has been identified as the developer behind a malicious Android application, dubbed Spyrtacus, that is disguised as popular services like WhatsApp and designed to steal private data from targeted devices.

A security researcher provided TechCrunch with three Android apps suspected of being government spyware. Upon analysis, both Google and security firm Lookout confirmed these apps were indeed surveillance tools, identifying them as Spyrtacus, a sophisticated spyware program capable of exfiltrating text messages, chat data from messaging platforms like WhatsApp, Signal, and Facebook Messenger, and contact lists, and even of recording audio and imagery via the device’s microphone and camera.

The spyware’s distribution is highly targeted, with the apps and associated websites presented in Italian, suggesting use by domestic law enforcement. However, it remains unclear who the victims of this campaign are.

Google has stated that no known Spyrtacus-infected apps exist on the Play Store and that Android has included protections against this malware since 2022. However, last year, Kaspersky reported that earlier versions of Spyrtacus were once distributed through Google Play before shifting to malicious third-party sites impersonating telecom providers.

Governments are the primary customers of spyware, using it to target opposition or human rights defenders or for general surveillance purposes. | Photo: Trismegist san / Shutterstock.com

Italy houses several spyware firms, with companies like Hacking Team, Cy4Gate, eSurv, and RCS Lab producing surveillance tools used worldwide. Like previous spyware campaigns, Spyrtacus was distributed through fake apps mimicking legitimate services, including those of telecom providers TIM, Vodafone, and WINDTRE.

Lookout traced the spyware’s command-and-control infrastructure to ASIGINT, a subsidiary of SIO specialising in computer wiretapping services. Public records confirm ASIGINT’s connection to SIO, further solidifying the link between the spyware and its developers.

Additionally, researchers found Neapolitan dialect phrases embedded in Spyrtacus source code, hinting at possible development origins in southern Italy.

Just like SIO in Italy, there are several other tech firms solely devoted to producing spyware. Examples include Intellexa, Cytrox, Variston, NSO Group, and Negg Group. Usually, spyware customers include high-profile private citizens or, in most cases, the government.

However, researchers are still unable to find out which government customer was behind the use of Spyrtacus.

Kumar Hemant

Deputy Editor at Candid.Technology. Hemant writes at the intersection of tech and culture and has a keen interest in science, social issues and international relations. You can contact him here: kumarhemant@pm.me
