Meta has issued a warning to WhatsApp users about a malicious counterfeit version of its application designed to install spyware on iPhones. The company alleges the fake app was created by SIO, an Italian commercial surveillance firm, to deploy sophisticated spyware against a targeted group of users, primarily located in Italy.
The warning was detailed in Meta's Q3 2023 Adversarial Threat Report. According to the report, the attack does not exploit a vulnerability in WhatsApp itself. Instead, it relies on social engineering to trick individuals into downloading and installing the malicious application from a source outside of Apple's official App Store, a practice known as side-loading. The deceptive download links are often sent via text message or email.
Once installed, the application deploys spyware, believed to be a variant of "Hermit." This malware gives attackers extensive control over an infected device. Its capabilities include exfiltrating call logs, contacts, photos, and location data. The spyware can also secretly activate the device's microphone to record ambient audio and steal data from other messaging applications.
Meta stated it has taken action to disrupt SIO's infrastructure and has removed accounts associated with the firm from its platforms. This incident is part of a wider effort by major tech companies to combat the growing surveillance-for-hire industry, which sells powerful hacking tools to government agencies.
Users are strongly advised to download applications only from official sources like the Apple App Store or Google Play Store. Scrutinizing unsolicited links, even if they appear to be from a trusted contact, remains a critical defense. A VPN cannot prevent malware installation from a deceptive link; it remains a foundational tool for encrypting internet traffic and masking a user's location, which protects against other online threats.




