Overview
- Meta confirmed the scheme and alerted affected iPhone users, then forced logouts for accounts that entered credentials in the fake app.
- The counterfeit WhatsApp carried surveillance code reported to be built by Italian vendor SIO, which researchers have linked to the Spyrtacus malware family.
- Attackers spread the app through links and websites rather than Apple’s store, pointing to social engineering instead of an iOS flaw.
- Meta said it plans to sue SIO after identifying about 200 victims, with most of the affected users located in Italy.
- Previous reporting says the spyware can read chats and contacts and turn on the camera and microphone, and coverage suggests the low victim count reflects targeted surveillance.