Another spyware maker caught distributing fake Android snooping apps

Apr 24, 2026 · Source ↗

TLDR

Italian firm IPS, known for lawful interception tools, is linked to Android spyware called Morpheus distributed via fake phone-update apps.

Osservatorio Nessuno identified Morpheus after one IP address in the campaign was registered to “IPS Intelligence Public Security.”
Infection relied on the target’s telecom provider blocking mobile data, then sending an SMS prompting a fake update app install.
Once installed, Morpheus abused Android accessibility features and spoofed WhatsApp to gain full account access via a biometric prompt.
Researchers believe the attack targeted political activism in Italy; IPS did not respond to requests for comment.

IPS joins a documented list of Italian spyware vendors exposed in recent years, including CY4GATE, Negg, RCS Lab, and SIO.
The case shows government spyware supply extends beyond high-profile firms to legacy telecom vendors operating outside public view.

Lorenzo Franceschi-Bicchierai, TechCrunch · 2026-04-24 · Read the original