Upon investigation, Google and cybersecurity firm Lookout confirmed that these apps were indeed spyware. This discovery highlights the expanding landscape of government surveillance, with numerous companies employing varied methods to target individuals.
Italy is already embroiled in a separate spyware scandal involving Israeli firm Paragon, whose sophisticated surveillance tool allegedly targeted journalists and NGO founders.
In contrast, the SIO-linked spyware campaign relied on a more straightforward approach—disguising malicious Android apps as well-known communication and customer service applications.
Lookout researchers identified the malware as Spyrtacus, a spyware capable of stealing text messages, chats from WhatsApp, Signal, and Facebook Messenger, recording calls, capturing ambient audio and camera images, and extracting contact information.
Their analysis confirmed that SIO was responsible for creating and distributing Spyrtacus, with samples dating back to 2019. Some variants impersonated apps from Italian telecom providers TIM, Vodafone, and WINDTRE.
Google stated that none of the infected apps were available on the Play Store, asserting that Android security measures have protected users from this malware since 2022.
However, a 2024 Kaspersky report suggested that earlier versions of Spyrtacus were distributed via Google Play in 2018 before shifting to fake websites mimicking major Italian internet providers.
Italy has a long history of government spyware development, with companies such as Hacking Team, Cy4Gate, and RCS Lab selling surveillance tools to international law enforcement agencies. Spyrtacus is the latest example of this trend, with Lookout identifying command-and-control servers registered to ASIGINT, an SIO subsidiary specializing in wiretapping software.
The SIO, Italian government and the Ministry of Justice have reportedly declined to comment. Lookout has also discovered references to Naples in the malware’s source code, suggesting a possible connection to developers from the region.
