Government linked Italian Spyware producer caught distribution of malicious Android apps

Spyware Maker Sio Suspected to be Behind ‘Spyrtacus’, a Non-Saw New Spyware
It was previously found on Google Play, but now largely on phishing –
A persuasive paper path connects Spyrytacus back to SIO and a subsidiary

At least three Android apps have been identified as spyware, and researchers believe developing SIO, which sells its products to the Italian government, is responsible.

At the end of 2024, an anonymous security researcher raised his concerns about apps with TechCrunch, which then submitted the concerns to Google and the CyberSecurity company; As both confirmed the apps that are alleged to be popular apps such as WhatsApp and support services for telephone companies were spyware.

Lookout identified spyware such as ‘Spyrtacus’, citing the malware itself in the code. Both it and another cybersecurity company that asked not to be named, found that Spyrtacus could steal texts, chats, calls and contacts, as well as detect surrounding sound and imagery directly from a device’s microphones and cameras.

SIOS Spyrytacus spyware

Connecting SIO to SpyRacus is a intricate paper track, but it can be done. As per the researchers Techcrunch Spoke to, a number of command -and -control (C2) servers were linked to the previous start -up Asigint, now a well -known subsidiary of SIO that is directly involved in the production of “Computer Wiretapping” software (PDF, originally in Italian) . Italy’s Legal Intercept Academy, which issues certifications of compliance with spyware developers, shows SIO as a certificate proprietor of a product, sioagent that Asigin owns.

Finally, Assigint CEO Michele Fiorentino on LinkedIn confirmed that he was working on ‘Spyrtacus Project’ at another company linked to SIOS C2 servers, DataForense.

Kristina Balaam, a scientist at Lookout, found 13 samples of Spyrytacus in total dated from 2019 to October 2024. However, Ed Fernandez, a Google spokesman, was convinced that “No apps containing this malware [can currently be] Found on Google Play ”and confirmed that its App Store has had protection against Spyrtacus in place since 2022.

This may not have done much to slow down the operation; Kaspersky, an antivirus -Softwar business with its own reasonable proportion of controversy about privacy concerns, found in a 2024 report that Spyrtacus -Distribution had largely changed tack from Google Play to fake but compelling imitations of Italian ISP (ISP) sites.

The Italian government already has shaking form to enable spyware producers; Back in February 2025, the Israeli spyware -developing Paragon Solutions canceled his own contract with Italy’s government after being caught in violation of the ‘ethical framework’ described in it by interventioning the privacy of seven Italian citizens and several others throughout Europe.

It gets darker when Italian phone operators are found actively to practice surveillance (originally in Italian) and be paid for by the Italian Ministry of Justice for their services, and it says nothing about the previous two decades when spyware companies such as Hacking Team, Cy4gate, RCS Lab and Raxir have called Italy home.

Must Read

Leave a Comment Cancel Reply