Meta warns iPhone users about fake WhatsApp app spreading spyware

Meta has alerted around 200 users after attackers tricked them into installing a fake version of WhatsApp that carried spyware. The company says the incident relied on social engineering rather than any flaw in its platform, which raises fresh concerns about how easily users can fall for unofficial app downloads that look legitimate.

ANSA reports that most of the affected users are in Italy, and the attack pushed them to install a malicious WhatsApp client through third-party channels instead of official app stores, which allowed the spyware to gain access to their devices without triggering standard protections.

WhatsApp confirmed the incident and shared a detailed statement explaining how it handled the situation.

“Our security team identified around 200 users, most of them in Italy, who we believe may have downloaded this unofficial and malicious client. We logged them out and warned them about the privacy and security risks. […] We believe this was a social engineering attempt targeting a limited number of users, aimed at convincing them to install malicious software that mimicked WhatsApp, likely to gain access to their devices.” — WhatsApp

The company logged affected users out of their accounts and warned them about “privacy and security risks,” while also urging them to remove the fake app and reinstall the official version.

Spyware linked to Italian firm

TechCrunch reports that WhatsApp has taken action against Italian spyware firm SIO, which operates through its subsidiary ASIGINT and is believed to be behind the attack, with the company planning legal steps to stop further activity.

The fake app spread through “less controlled third-party channels,” though the exact method remains unclear, and investigators have not confirmed what data, if any, attackers accessed during the campaign.

WhatsApp maintains that the incident involved an unofficial client and not a vulnerability in its service, which reinforces its warning that users should only install apps from trusted sources to avoid similar attacks.
