WhatsApp Spyware Campaign Targets 200 Users in Italy via Fake iOS App

On April 2, 2026, Meta-owned WhatsApp notified approximately 200 users that they had been targeted in a spyware campaign involving a bogus iOS application. The majority of targeted individuals were located in Italy, suggesting a geographically focused operation potentially targeting journalists, activists, or political figures. The threat actors employed social engineering tactics to convince targets to install the malicious application outside of official app stores (sideloading). Once installed, the spyware was capable of monitoring communications, accessing device data, and potentially enabling surveillance of the target's activities. Mobile spyware campaigns of this nature are typically associated with nation-state actors or commercial surveillance vendors. This incident follows a broader trend of mobile spyware being used against civil society and political targets across Europe. Users should only install applications from official app stores (Apple App Store, Google Play Store), be suspicious of unsolicited links or requests to install applications, keep their devices updated with the latest security patches, and use mobile security solutions that can detect spyware. Organizations should implement mobile device management (MDM) policies and educate employees about mobile spyware risks.