Prosecutors Suspend Government Spyware Used in WhatsApp Phishing Attacks


Thread author
Staff member
Malware Hunter
Jul 27, 2015
Prosecutors in Italy suspended the use of malware made by a company that was involved in an apparent attempt to infect targets with a fake version of WhatsApp.

On Wednesday, Italian newspaper Il Fatto Quotidiano reported that the prosecutor’s office in Naples had ordered its employees to stop using surveillance technology made by SIO and Cy4gate, a company that was linked to a series of malicious phishing pages, one of which purported to be a WhatsApp download site, as Motherboard reported last week. Sources with knowledge of the suspension confirmed the news to Motherboard. The two sources, who asked to remain anonymous to discuss sensitive law enforcement matters, said the suspension was due to a serious malfunction in how the malware works. In some cases, when a law enforcement operator tasked the malware with exfiltrating data from a target’s phone, it would pop up a notification, which could tip off the target that they are under surveillance, according to the sources. The suspension, however, does not have anything to do with the WhatsApp phishing pages, the source said.
Law enforcement authorities in Italy, especially in cases involving organized crime, rely heavily on wiretaps and spyware that can be installed on targets' phones. This has made Italy one of the biggest markets for so-called lawful interception technologies in the last few years. First, there was Hacking Team, then Negg, eSurv, and now Cy4gate. But this is not the first time that authorities find problems with their surveillance providers. In 2019, after Motherboard revealed that another spyware maker had published several malicious apps on the Google Play Store, potentially putting several innocent people under surveillance