Lookout analyzed suspicious Android apps provided to TechCrunch and confirmed that they were spyware. The creator of the Trojan, apparently, is the Italian company SIO, which supplies intelligence agencies and law enforcement with surveillance tools.
The malware, called Spyrtacus, is distributed under the guise of WhatsApp (owned by Meta, a company recognized as extremist and banned in Russia) and other popular programs. Google assured journalists that there are no such fakes in their store.
The spy is interested in SMS, messages in WhatsApp, Signal and Facebook messenger (the social network is recognized as extremist in Russia and banned) . It can also collect information about the victim's contacts, record calls, and work with the camera and microphone.
Some servers used by Spyrtacus as C2 are registered to ASIGINT, a subsidiary of SIO, which develops software for wiretapping.
It is noteworthy that both the fake apps and the fake websites from which they are distributed are in Italian. It is still unknown who exactly is spying with their help, and on whom.
Analysts from Lookout found 13 more Spyrtacus samples on the Internet; the earliest dates back to 2019, the newest - to October 2024. Some of them are disguised as applications of Italian mobile operators - TIM, Vodafone, WINDTRE.
According to Kaspersky Lab, the Spyrtacus spyware first appeared on the Internet in 2018. At first, malicious APKs were distributed via Google Play, then fake websites were created for this purpose.
In addition to the Android version, experts found a sample tailored for Windows, as well as signs of the existence of implants for iOS and macOS. Another spy campaign was recently reported . Its target was journalists and activists using WhatsApp. Specialized software developed by the Israeli company Paragon was installed on devices via the 0-click vulnerability . @ Anti-Malware
The malware, called Spyrtacus, is distributed under the guise of WhatsApp (owned by Meta, a company recognized as extremist and banned in Russia) and other popular programs. Google assured journalists that there are no such fakes in their store.
The spy is interested in SMS, messages in WhatsApp, Signal and Facebook messenger (the social network is recognized as extremist in Russia and banned) . It can also collect information about the victim's contacts, record calls, and work with the camera and microphone.
Some servers used by Spyrtacus as C2 are registered to ASIGINT, a subsidiary of SIO, which develops software for wiretapping.
It is noteworthy that both the fake apps and the fake websites from which they are distributed are in Italian. It is still unknown who exactly is spying with their help, and on whom.
Analysts from Lookout found 13 more Spyrtacus samples on the Internet; the earliest dates back to 2019, the newest - to October 2024. Some of them are disguised as applications of Italian mobile operators - TIM, Vodafone, WINDTRE.
According to Kaspersky Lab, the Spyrtacus spyware first appeared on the Internet in 2018. At first, malicious APKs were distributed via Google Play, then fake websites were created for this purpose.
In addition to the Android version, experts found a sample tailored for Windows, as well as signs of the existence of implants for iOS and macOS. Another spy campaign was recently reported . Its target was journalists and activists using WhatsApp. Specialized software developed by the Israeli company Paragon was installed on devices via the 0-click vulnerability . @ Anti-Malware