Italian spyware vendor SIO has been identified as the creator of Spyrtacus, a spyware that was distributed in the guise of popular Android apps in a campaign that started as early as 2018, TechCrunch reports. Security researchers confirmed the malware’s nature after analyzing samples that mimicked popular apps such as WhatsApp as well as cellphone provider customer support tools. The spyware, which has likely been used by the Italian government, can steal text messages, chats from Facebook Messenger, Signal, and WhatsApp, as well as record calls, access contacts, and capture images and audio. The most recent sample of Spyrtacus dates back to October 2024. While early versions appeared on Google Play, later versions were distributed through fake websites mimicking Italian telecom providers TIM, Vodafone, and WINDTRE. Google stated that its Play Store does not currently contain apps with this malware and that protections have been in place since 2022. It remains unclear who the spyware’s targets are. The news comes amid revelations of a global spyware campaign conducted by Paragon Solutions that targeted journalists and civil society members.
Get essential knowledge and practical strategies to fortify your applications.