VulnHub

Real-time Cybersecurity News

Italian spyware vendor creates Fake WhatsApp app, targeting 200 users

Security Affairs
Actively Exploited

Overview

WhatsApp has taken action against a fake version of its app created by the Italian spyware vendor SIO/Asigint, which targeted around 200 users, primarily in Italy. This malicious app was designed to install spyware on users' devices, compromising their privacy and security. WhatsApp is urging affected users to uninstall the fake app and reinstall the official version to protect themselves from potential data breaches. The incident serves as a reminder of the dangers posed by unofficial apps, which can often carry hidden threats. Users need to be vigilant and ensure they download apps only from trusted sources to avoid similar risks.

Key Takeaways

  • Active Exploitation: This vulnerability is being actively exploited by attackers. Immediate action is recommended.
  • Affected Systems: WhatsApp, SIO/Asigint
  • Action Required: Users are advised to uninstall the fake app and reinstall the official WhatsApp application.
  • Timeline: Newly disclosed

Original Article Summary

WhatsApp blocked a fake app by Italian firm SIO/Asigint that targeted 200 users with spyware, urging them to reinstall the official app. WhatsApp has recently uncovered a malicious fake version of its app that targeted roughly 200 users, most of whom are in Italy. The platform confirmed that the unofficial client contained spyware and was […]

Impact

WhatsApp, SIO/Asigint

Exploitation Status

This vulnerability is confirmed to be actively exploited by attackers in real-world attacks. Organizations should prioritize patching or implementing workarounds immediately.

Timeline

Newly disclosed

Remediation

Users are advised to uninstall the fake app and reinstall the official WhatsApp application.

Additional Information

This threat intelligence is aggregated from trusted cybersecurity sources. For the most up-to-date information, technical details, and official vendor guidance, please refer to the original article linked below.

Read Original Article

Related Coverage

Thousands of API credentials exposed on public websites

SCM feed for Latest

A recent study conducted by researchers from Stanford University, the University of California, Davis, and TU Delft revealed that thousands of API credentials have been exposed on public websites. Using a tool called TruffleHog, the researchers scanned various sites and discovered sensitive information that could be exploited by malicious actors. This exposure poses significant risks as attackers could gain unauthorized access to systems and data. The findings underscore the need for companies to implement better security practices, such as using environment variables and secure storage solutions for API keys. The research serves as a warning for developers and organizations to regularly audit their code and remove any sensitive information from public repositories.

Apr 2, 2026

CrystalRAT malware-as-a-service offers remote access and prankware features

SCM feed for Latest

CrystalRAT is a new type of malware that has emerged in 2023, functioning as a malware-as-a-service platform. It operates on a subscription model, allowing users to access its capabilities, which include remote access to infected systems and features designed for pranks. Researchers from Kaspersky have noted that CrystalRAT bears a strong resemblance to an earlier malware called WebRAT. This is concerning as it lowers the barrier for entry for cybercriminals, enabling even those with limited technical skills to launch attacks. The rise of such services poses a growing threat to individuals and organizations, as they can be exploited for a variety of malicious purposes including data theft and system manipulation.

Apr 2, 2026

Hasbro hit by cyberattack, investigates possible data breach

Security Affairs

Hasbro, the well-known toy manufacturer, reported a cyberattack on Wednesday that has disrupted some of its operations. The company is currently investigating the incident to determine the extent of the attack and whether any sensitive data has been compromised. This situation raises concerns not only for Hasbro and its employees but also for customers who may be affected if personal information is involved. The investigation is ongoing, and Hasbro is working to restore its normal operations as quickly as possible. This incident serves as a reminder of the vulnerabilities that organizations face in the digital landscape.

Apr 2, 2026

Phishing campaign delivers Casbaneiro and Horabot banking trojans

SCM feed for Latest

A Brazilian cybercrime group known as Augmented Marauder and Water Saci has launched a phishing campaign that spreads two banking trojans: Casbaneiro and Horabot. The attackers use a mix of WhatsApp, ClickFix techniques, and email phishing to deliver these malicious programs. The campaign primarily targets individuals and organizations, aiming to steal sensitive banking information. This is particularly concerning as it showcases the evolving tactics employed by cybercriminals to exploit users through familiar communication channels. Users should be cautious about unsolicited messages and verify the authenticity of links before clicking.

Apr 2, 2026

Ransomware attackers increasingly exploit legitimate IT tools, bypassing antivirus

SCM feed for Latest

Recent reports indicate that ransomware attackers are increasingly using legitimate IT tools, such as Process Hacker and IOBit Unlocker, to bypass traditional antivirus software. These tools have deep access to operating system functions, allowing attackers to execute malicious activities without raising alarms. This trend poses significant risks to organizations, as it makes it harder for security systems to detect and prevent these kinds of attacks. Companies must reassess their security measures to account for the misuse of legitimate software, which could compromise sensitive data and disrupt operations. As attackers continue to evolve their tactics, it’s crucial for users and companies to stay vigilant and update their defenses accordingly.

Apr 2, 2026

WhatsApp warns of spyware in fake iPhone app

SCM feed for Latest

WhatsApp has raised concerns about a fake iPhone app developed by the Italian spyware company SIO. This app is designed to impersonate the legitimate WhatsApp service, potentially tricking users into downloading malicious software. If users unknowingly install this app, their personal information and communications could be at risk. This situation highlights the ongoing threat of spyware and the importance of downloading applications only from trusted sources. Users are encouraged to verify app authenticity before installation to protect their data from potential exploitation.

Apr 2, 2026