WHATSAPP has uncovered a malicious fake version of its app developed by Italian firm Asigint, a subsidiary of SIO Spa, targeting roughly 200 users, most of them in Italy. The unofficial client contained spyware and was not available in official stores such as the Apple App Store or Google Play, with WhatsApp noting that the attackers relied on social engineering to persuade people to download it.
Around 200 users were logged out and alerted to the privacy and security risks, and they were advised to remove the fake app and reinstall the official version; WhatsApp emphasised that this was not a vulnerability in WhatsApp itself and that end-to-end encryption remained intact.
According to WhatsApp, the campaign appeared to be highly targeted and linked to a broader investigation, rather than a mass-distribution attack, and the company intends to issue a formal legal notice to cease all harmful activity by Asigint. The case illustrates how counterfeit apps are used as a tool for spyware and why vigilance and legal accountability remain essential in mobile security.