According to TechCrunch, it’s alleged that Italian spyware maker SIO has been distributing malicious Android apps designed to masquerade as WhatsApp and other widely used applications while covertly harvesting sensitive data from targeted devices.

The spyware, dubbed ‘Spyrtacus,’ has been operating undetected for years, raising fresh concerns about government-backed surveillance tools and the extent of their reach.

It’s been reported that the discovery was triggered late last year when a security researcher provided TechCrunch with three suspicious Android apps, believed to be government spyware used in Italy. Following independent analyses by Google and mobile security firm Lookout, it was confirmed that these apps contained spyware designed to infiltrate users’ devices. Spyrtacus has been found capable of stealing text messages, social media chats, and contact details, recording calls and ambient audio, and even taking images via a device’s cameras.

SIO, the company behind the spyware, is an Italian firm that sells surveillance tools to the Italian government. Lookout has reported that Spyrtacus samples were found to be embedded within apps mimicking popular services, including those belonging to Italian mobile providers TIM, Vodafone, and WINDTRE. It’s alleged that these fraudulent applications were distributed through malicious websites disguised as official sources. While Google confirmed that no versions of this malware exist on its Play Store, a 2024 report by Kaspersky suggests that earlier versions were available there in 2018 before moving to independent distribution channels.

The spyware appears to have been used in a highly targeted campaign, but the identities of those affected remain unclear. Given that the apps and distribution sites were in Italian, security analysts believe that law enforcement agencies in Italy were the likely operators of the campaign. The scandal comes amid separate allegations that Israeli spyware firm Paragon provided sophisticated surveillance tools used against journalists and NGO founders in Italy.

Kristina Balaam, a researcher at Lookout, revealed that 13 distinct Spyrtacus samples had been identified, with the earliest dating back to 2019 and the most recent traced to October 2024. The continued presence of these samples across multiple years highlights the persistence of state-sponsored spyware and its evolving distribution methods. Also, Kaspersky researchers report finding indications of a Windows version of Spyrtacus and possible variants for iOS and macOS, suggesting a broader cross-platform surveillance effort.

Despite multiple requests for comment, neither SIO nor its senior executives, including CEO Elio Cattaneo, CFO Claudio Pezzano, and CTO Alberto Fabbri, have responded to the allegations. Also, the Italian government and Ministry of Justice have remained silent on the issue, leaving major questions unanswered about the scope and legality of such surveillance operations. The case adds to growing concerns about the global spyware industry and the blurred lines between national security and invasive digital espionage.

What Does This Mean For Your Business?

The allegations against SIO and its Spyrtacus spyware highlight growing concerns over state-backed surveillance and the ethical boundaries of digital espionage. While governments often justify such tools for security purposes, the secrecy surrounding their use raises serious questions. Knowing that spyware has been deployed disguised as legitimate apps undermines public trust and exposes broader cybersecurity risks.

For UK businesses, this case is a reminder of the dangers posed by sophisticated malware. While they are not direct targets, organisations handling sensitive data must remain vigilant against similar threats. The methods used, namely malicious websites and fake applications, demonstrate vulnerabilities that cybercriminals could exploit.

More widely, this case reflects the unchecked expansion of the spyware industry. With no accountability from SIO or the Italian government, concerns grow over how such tools can be used without oversight. Stronger international regulations are needed to balance security with the protection of civil liberties, or the lines between lawful surveillance and invasive digital monitoring will only continue to blur.