Fake Android Apps Expose New Spyware Campaign

A fresh spyware operation has come to light, highlighting how surveillance tools are still being quietly deployed through deceptive mobile apps. Researchers say the latest case involves a malicious Android program disguised as a routine phone update—tricking users into installing it themselves.

The investigation was led by Osservatorio Nessuno, an Italian digital rights group that uncovered the spyware, which it has named Morpheus. According to the report, the malware is capable of collecting a wide range of sensitive data from infected devices, raising fresh concerns about privacy and digital security.

How the Spyware Spreads

Unlike more sophisticated cyber tools, Morpheus relies on simple—but effective—social engineering. Targets are misled into downloading a fake app that appears to fix connectivity issues or update their device.

In this case, researchers found that the attack involved cooperation from a telecom provider. The victim’s mobile data was deliberately disrupted, followed by an SMS message urging them to install an app to restore service. Once installed, the spyware gained extensive access to the device.

The malware then exploited Android’s accessibility features, allowing it to read on-screen content and interact with other apps. It even displayed a fake reboot screen and mimicked WhatsApp to trick users into providing biometric confirmation. That action unknowingly gave attackers full access to the victim’s WhatsApp account.

Linked to Italian Surveillance Firm

The researchers traced the spyware back to IPS Intelligence Public Security, a firm known for providing lawful interception tools to governments. Evidence included infrastructure links and IP addresses tied to the company.

IPS, which has reportedly operated for over 30 years and works with law enforcement agencies, has not responded to requests for comment.

“Low-Cost” but Effective

Experts described Morpheus as “low-cost” spyware because it doesn’t rely on advanced hacking techniques. Unlike firms such as NSO Group or Paragon Solutions, which use stealthy “zero-click” exploits, this malware depends on user interaction to gain access.

Still, the results can be just as damaging. Once installed, Morpheus can extract personal data, monitor activity, and compromise private communications.

A Growing Spyware Industry

The findings also highlight a broader trend: the rising demand for surveillance tools among governments and law enforcement agencies. This demand has fueled a growing ecosystem of spyware vendors—many operating outside public scrutiny.

Italy, in particular, has seen a surge in such companies following the decline of Hacking Team, once a major player in the global spyware market. Since then, several firms—including CY4GATE, RCS Lab, and others—have been exposed by researchers.

The researchers believe this specific attack may be linked to political activism, noting that targeted surveillance campaigns like this are becoming increasingly common.

A Reminder for Users

The incident serves as another warning about the risks of downloading apps from unknown sources—even when they appear legitimate. As spyware tactics evolve, staying cautious remains one of the most effective defenses.

Also read : Shade Raises $14M to Reinvent Video Search for Creators