A new and sophisticated spyware, dubbed Spyrtacus, has emerged as a significant threat to Android users worldwide. This insidious software, with characteristics reminiscent of government-issued spyware, is capable of remotely targeting WhatsApp users and extracting sensitive data from their devices. Disguised as popular apps, Spyrtacus has been distributed through malicious Android applications masquerading as legitimate services. These apps have been predominantly found on Italian websites, sparking speculation about their origin and potential use by Italian law enforcement agencies.
Spyrtacus was allegedly deployed against high-profile individuals, including a journalist and two founders of a non-governmental organization (NGO) dedicated to assisting immigrants in the Mediterranean. This sophisticated spyware can steal text messages, intercept chats from Facebook Messenger, Signal, and WhatsApp, and exfiltrate contact information. It can also record phone calls and ambient audio, and capture images using the device's cameras.
The distribution method of Spyrtacus involves malicious apps that mimic popular applications like WhatsApp. Websites hosting these apps are largely in Italian, which raises questions about the involvement of local entities. Notably, the Lawful Intercept Academy, an independent Italian organization, lists SIO as the certificate holder for a spyware product known as SIOAGENT. SIO had acquired ASIGINT in 2022, and Michele Fiorentino, CEO of ASIGINT, reportedly worked on the "Spyrtacus Project" during his tenure at DataForense between February 2019 and February 2020. Despite requests for comment, both DataForense and Fiorentino have remained silent.
The oldest known sample of Spyrtacus dates back to 2019, with the most recent detected on October 17, 2024. Lookout, a company specializing in cybersecurity, discovered 13 different samples of this spyware circulating in the wild. Some of these samples impersonated apps developed by major Italian cellphone providers such as TIM, Vodafone, and WINDTRE. Despite its widespread distribution, Google's current detection systems do not identify any apps containing this malware on its Google Play platform.
The capabilities of Spyrtacus are extensive and concerning. Beyond its ability to infiltrate popular messaging platforms, it can access and steal a wide range of data types from infected devices. This includes sensitive text communications, multimedia files, and crucial contact information. Furthermore, its ability to record conversations and capture images without user consent poses a significant threat to privacy.
The speculation surrounding the potential use of this spyware by Italian law enforcement agencies adds another layer of complexity to the narrative. Given the language of the websites distributing these apps and the involvement of Italian companies in the certificate holding process, it seems plausible that Spyrtacus could be utilized for governmental surveillance purposes.
In an intriguing twist, Michele Fiorentino's reported involvement in the "Spyrtacus Project" at DataForense adds depth to the unfolding scenario. Although Fiorentino has not offered any public comment on these allegations, his association with ASIGINT and its acquisition by SIO places him at a crucial juncture in this investigation.
The implications of Spyrtacus extend beyond individual privacy violations. The potential use against journalists and NGO leaders highlights the broader societal impact of such spyware tools. By targeting those who play critical roles in information dissemination and humanitarian efforts, the creators of Spyrtacus pose a threat to democratic processes and human rights advocacy.
Despite its sophisticated nature and extensive reach, Spyrtacus has managed to evade detection by major app distribution platforms like Google Play. This gap in detection underscores the need for enhanced security measures and vigilance among users when downloading apps from unofficial sources.
"Scetáteve guagliune ’e malavita" ("Wake up, boys of the underworld") – Michele Fiorentino (CEO of ASIGINT)
This statement by Fiorentino adds a cryptic dimension to the situation, suggesting potential implications yet to be fully understood or revealed.