Home News Spyrtacus Italian Government spyware can steal text messages, as well as chats from Facebook Messenger, Signal, and WhatsApp
News

Spyrtacus Italian Government spyware can steal text messages, as well as chats from Facebook Messenger, Signal, and WhatsApp

270

Italian spyware developer SIO has been linked to a series of malicious Android applications designed to steal private data from users, including text messages and chats from popular messaging platforms like WhatsApp, Signal, and Facebook Messenger. This revelation, reported by TechCrunch, comes amid ongoing concerns over the use of sophisticated government spyware in Italy.

Last year, a security researcher alerted TechCrunch to three suspicious Android apps that were suspected to be government spyware targeting unidentified individuals. Following analysis by Google and mobile security firm Lookout, it was confirmed that these apps contained spyware.

The spyware, identified as Spyrtacus, uses tactics such as impersonating popular applications and customer support tools from major mobile providers. Lookout’s analysis revealed that Spyrtacus possesses capabilities characteristic of government spyware, including the ability to steal messages, exfiltrate contacts, record phone calls, capture ambient audio, and take images through the device’s cameras, as well as chats from Facebook Messenger, Signal, and WhatsApp.

The spyware’s origins trace back to SIO, an Italian company that supplies spyware to the Italian government. With the apps and distribution websites primarily in Italian, it is likely that Italian law enforcement agencies have employed this spyware.

Lookout’s researcher, Kristina Balaam, discovered 13 different samples of Spyrtacus in the wild, with the oldest sample dating back to 2019. Some of these samples impersonated apps from Italian telecom providers TIM, Vodafone, and WINDTRE. Google stated that no apps containing this malware are available on the Google Play store, emphasizing that Android has had protections against it since 2022.

Additionally, Kaspersky reported that the distribution of Spyrtacus began on Google Play in 2018 but transitioned to malicious websites in 2019. There are also indications of versions for Windows, iOS, and macOS. The exact targets of this spyware remain unclear.

Leave a comment

Leave a Reply

Your email address will not be published. Required fields are marked *

Related Articles

NewsSecurity

Telegram’s t.me Domain Goes Offline Worldwide After Registry Imposes ServerHold

Telegram’s t.me Links Go Offline After Domain Registry Places Hold on Address...

NewsSecurity

Critical U-Boot Flaws Could Let Hackers Install Stealthy Firmware Malware

New U-Boot Bootloader Flaws Could Enable Stealthy Firmware-Level Attacks Security researchers have...

NewsSecurity

Exposed Hacker Server Reveals Massive Campaign Compromising 25,000 WordPress Websites

Exposed Server Reveals 25,000 Hacked WordPress Websites in Large Cybercrime Campaign A...

NewsSecurity

Hidden Tenda Router Backdoor Gives Hackers Full Administrator Access

Hidden Backdoor in Tenda Router Firmware Allows Attackers to Gain Admin Access...