Prosecutors Suspend Government Spyware Used in WhatsApp Phishing Attacks

Because of a serious malfunction, prosecutors in Italy suspend the use of a spyware used to go after organized crime, according to two sources with knowledge of the case.
Screen Shot 2021-02-24 at 3
Hacking. Disinformation. Surveillance. CYBER is Motherboard's podcast and reporting on the dark underbelly of the internet.

Prosecutors in Italy suspended the use of malware made by a company that was involved in an apparent attempt to infect targets with a fake version of WhatsApp.

On Wednesday, Italian newspaper Il Fatto Quotidiano reported that the prosecutor’s office in Naples had ordered its employees to stop using surveillance technology made by SIO and Cy4gate, a company that was linked to a series of malicious phishing pages, one of which purported to be a WhatsApp download site, as Motherboard reported last week.


Sources with knowledge of the suspension confirmed the news to Motherboard. The two sources, who asked to remain anonymous to discuss sensitive law enforcement matters, said the suspension was due to a serious malfunction in how the malware works. In some cases, when a law enforcement operator tasked the malware with exfiltrating data from a target’s phone, it would pop up a notification, which could tip off the target that they are under surveillance, according to the sources. 

The suspension, however, does not have anything to do with the WhatsApp phishing pages, the sources said. 

Do you have information about this case or other companies that provide spyware to governments? We’d love to hear from you. You can contact Lorenzo Franceschi-Bicchierai securely on Signal at +1 917 257 1382, Wire/Wickr @lorenzofb, or email

SIO did not immediately respond to a request for comment. The prosecutor’s office in Naples also did not respond to an email seeking comment. 

A Cy4gate spokesperson shared a statement previously posted on Twitter, where the company said that its products "have very high quality standards." 

"In the case of the reported malfunctions, the company immediately tasked a team to work in collaboration with the customers. Moreover, we want to note that, in this particular case, the company readily found and scrupulously analyzed the specific situation," the statement read. "The aforementioned product it’s only used by government authorities, fully respecting the pertinent laws."

Law enforcement authorities in Italy, especially in cases involving organized crime, rely heavily on wiretaps and spyware that can be installed on targets' phones. This has made Italy one of the biggest markets for so-called lawful interception technologies in the last few years. First, there was Hacking Team, then Negg, eSurv, and now Cy4gate. 

But this is not the first time that authorities find problems with their surveillance providers. In 2019, after Motherboard revealed that another spyware maker had published several malicious apps on the Google Play Store, potentially putting several innocent people under surveillance, authorities put the company under investigation. That investigation is still ongoing. 

Subscribe to our cybersecurity podcast CYBER, here.