The spyware known as Spyrtacus has been contaminating Android phones for years
For years, malicious apps have been using Spyrtacus spyware to infect Android devices. TechCrunch found that the spyware, which resembles Pegasus or Paragon, can steal contact details, WhatsApp conversations, Facebook Messenger, Signal, and text messages. Additionally, it can record phone calls and turn on the microphone or camera to capture audio or photos.
Lookout security experts have shared details about Spytacus, a new spyware. The researchers said they found it inside the code of an old malware sample, so they suspect it has been infecting Android phones for years.
They found that Spyrtacus is similar to government spyware, as Lookout told TechCrunch. In fact, it is capable of spying on conversations, searching through contacts stored in phone books, listening to calls, and taking photos remotely. This is spyware created by an Italian company called SIO, which has been revealed to be selling its services to the Italian government.
While examining the malware, Lookout researcher Cristina Balam found 13 distinct Spyrtacus samples. The oldest was from 2019 and the newest was from October 17, 2024. TechCrunch explains that some of the samples impersonated apps created by mobile service providers operating in Italy, such as TIM, Vodafone, and Windtre.
Cybersecurity firm Kaspersky said Spyrtacus was present in the Google Play Store in 2018. Currently, Google claims that there are no apps containing the malware in its official store. However, Android allows you to install APK files, which are platforms that are downloaded from a web browser.
Kaspersky reported in 2024 that Spyrtacus had a Windows version and that there were signs of the malware on iOS and macOS. Lookout also says the virus has been circulating on Android for about six years. While the Italian government did not respond to TechCrunch’s questions, Lookout researchers suspect that the spyware was used by the country’s security forces. However, the true purpose of Spyrtacus’ deployment is unclear.
SIO, the company behind Spyrtacus, isn’t the only Italian company selling spyware. Over the past decade, a number of such programs have emerged, including Cy4Gate, eSurv, GR Sistemi, Negg, Raxir, and RCS Labs. Some of them contained spyware similar to Spyrtacus. In fact, a 2018 investigation found that the country’s Ministry of Justice had a price list and catalog showing how authorities could force telecom companies to send malicious text messages to surveillance targets. In this way, they were able to convince people to install malicious apps, using some excuse related to their phone services.
Spyrtacus can access almost all data on smartphones, making it extremely dangerous. Lookout researchers say it can steal text messages and chats on various messaging apps (Facebook Messenger, Signal, or WhatsApp), extract contact data, record calls and audio, or take photos through cameras.