# Italian Spyware Firm IPS Linked to Fake-App Android Surveillance Campaign _Sunday, April 26, 2026 at 6:07 AM EDT · Cybersecurity · Latest · Tier 2 — Notable_ ![Italian Spyware Firm IPS Linked to Fake-App Android Surveillance Campaign — Primary](https://techcrunch.com/wp-content/uploads/2021/09/android-spyware-malloc.jpg?resize=1200,751) Researchers have linked Italian security company IPS to a new Android spyware campaign that tricked targets into installing surveillance software disguised as a phone update. Osservatorio Nessuno, an Italian digital rights group, published a report Thursday on the malware, which it calls Morpheus. The spyware campaign relied on a target's cellphone provider deliberately blocking the target's mobile data. The provider then sent an SMS prompting the target to install an app to restore cellular access. Once installed, the malware abused Android's accessibility features to read screen data and interact with other apps. It then spoofed WhatsApp and asked the target for biometric verification, which granted the spyware full access to the WhatsApp account by adding a device. Osservatorio Nessuno researchers Davide and Giulio tied the spyware to IPS through infrastructure evidence, including an IP address registered to "IPS Intelligence Public Security." They also found Italian phrases embedded in the malware code. IPS has operated for more than 30 years providing lawful interception technology and lists several Italian police forces among its customers. The company did not respond to a request for comment. The researchers called Morpheus "low cost" spyware because it requires targets to install it themselves, unlike advanced tools from NSO Group or Paragon Solutions that use zero-click attacks. Davide and Giulio told TechCrunch they believe the attack is related to political activism in Italy, where targeted attacks are common. IPS joins a growing list of Italian spyware makers exposed by researchers in recent years, including CY4GATE, eSurv, RCS Lab, and SIO. Earlier this month, WhatsApp notified around 200 users who had installed a fake version of the app that was actually SIO spyware. ## Sources - [TechCrunch](https://techcrunch.com/2026/04/24/another-spyware-maker-caught-distributing-fake-android-snooping-apps/) --- Canonical: https://techandbusiness.org/newswire/nboQQLUk2FOYJmEHi1p4mk Retrieved: 2026-04-26T13:27:23.908Z Publisher: Tech & Business (techandbusiness.org)