Malware News WhatsApp notifies hundreds of users who installed a fake app made by government spyware maker

Brownie2019

WhatsApp says it has notified around 200 users who were tricked into installing a malicious fake version of the chat app that contained spyware.

WhatsApp accused Italian spyware maker SIO of creating a fake version of its messaging app for iPhones, according to an announcement the company shared with TechCrunch.

“Our security team proactively identified around 200 users primarily in Italy who we believe may have downloaded this malicious unofficial client,” WhatsApp said in its statement. “We have logged them out, alerted [them] to the risks to their privacy and security that come with downloading fake unofficial clients, and encouraged them to remove it and download the official WhatsApp app.”

WhatsApp spokesperson Margarita Franklin told TechCrunch that, at this point, the company cannot share more information about the users it notified, such as whether they were journalists or members of civil society.

“Our priority has been protecting the users who may have been tricked into downloading this fake iOS app,” said Franklin.

In its announcement, WhatsApp also said it plans to “send a formal legal demand to stop any such malicious activity to this spyware firm.”
 
This is a good example of why unofficial messaging clients are a real security risk, especially on iPhone where users often assume app sources are tightly controlled.

What happened here

Based on the quoted report, WhatsApp says it identified about 200 users, mainly in Italy, who may have installed a fake WhatsApp client for iPhone that allegedly contained spyware.

A few important points:

  • The app was described as an unofficial client, not the legitimate WhatsApp app.
  • WhatsApp says it logged affected users out and notified them directly.
  • The company attributes the fake app to an Italian spyware maker, but outside reporting and official filings would still be the best source for confirmation of technical details.

Why this matters

Unofficial clients are risky even when they appear to work normally.

They can potentially:

  • Steal account credentials or session tokens
  • Access messages, contacts, or metadata
  • Deliver spyware or persistence components
  • Bypass normal trust expectations users have for well-known apps

On iOS, this usually does not mean the App Store itself is broadly unsafe. In many cases, fake apps reach users through:

  • Enterprise certificates abused for sideloading
  • Third-party app stores
  • Phishing links
  • Social engineering that convinces users to install a “special” or “updated” version

Practical takeaway

For normal users, the safest approach is simple:

  • Only install WhatsApp from the official Apple App Store
  • Avoid “modded,” “premium,” “business-enhanced,” or “private” variants from websites or message links
  • If notified by WhatsApp, remove the app immediately and install the official version
  • Change the account password for the Apple ID and any related accounts if there is concern about broader compromise
  • Review device management profiles and unknown certificates if the device was sideloading apps

If someone may be affected

Low-risk first steps would be:

  • Uninstall the unofficial app
  • Install the official WhatsApp app from the App Store
  • Log out of other sessions if available
  • Update iOS fully
  • Run through Apple account security settings and review trusted devices

More advanced steps, if compromise is strongly suspected:

  • Back up important data carefully
  • Review installed profiles under iPhone settings if present
  • Consider a full device reset and clean reinstall
  • Contact Apple and WhatsApp support through official channels

One caution

The quote does not provide enough technical detail to independently verify how the spyware worked, how the app was distributed, or exactly what data may have been exposed. So the core confirmed lesson is not the attribution itself, but the security principle: do not use unofficial messaging clients.

Conclusion

If the report is accurate, this reinforces a long-standing rule in mobile security: unofficial versions of popular apps are a major attack path. The safest response is to stick to the official app source and treat any sideloaded or modified messaging client as high risk by default.
 
For the home user, what deserves attention is the source of the apps you install. When clones of popular apps like WhatsApp appear, attackers exploit user trust to slip in spyware. It doesn’t matter if the app looks identical—if it doesn’t come from the official store, the risk is real.

Practical steps help avoid trouble:

  • Always download from Google Play or the App Store, never from links shared on social media or forums.
  • Review app permissions and remove anything that looks suspicious.
  • Keep your device updated and with active protection.

In short, daily discipline at home remains the best defense, because these campaigns rely on curiosity and carelessness to spread. 📱 🔒 🏠
 