A court order told NSO Group to stay away from WhatsApp. Meta says the spyware maker came back anyway.
Meta is asking a federal court to hold NSO in contempt after WhatsApp investigators said they had disrupted a new spear-phishing campaign linked to the Israeli spyware company. The alleged activity targeted fewer than 10 users, primarily in Jordan and Lebanon, and Meta said it has not found evidence that any of them were successfully compromised.
The filing keeps a years-long Pegasus spyware fight alive and raises a larger security concern: commercial surveillance firms may remain a threat to messaging platforms even after courts order them out.
WhatsApp says it disrupted new NSO-linked activity
Meta said Monday that WhatsApp investigators identified and disrupted spear-phishing attempts linked to NSO Group, the Israeli spyware company behind Pegasus. According to the company, the campaign relied on social engineering tactics designed to persuade targets to click on malicious links that redirected them to websites outside WhatsApp.
“We successfully disrupted NSO-linked social engineering attempts after investigating user reports,” WhatsApp said in Meta’s blog post.
The company stated that it also detected and removed test accounts and groups allegedly created by NSO on the messaging platform. Meta is now asking a federal court to hold the company in contempt for violating a permanent injunction issued last year that barred NSO from targeting WhatsApp and its users.
Reuters reported that the phishing attempts resembled previous “1-click phishing” campaigns, in which a single click on a malicious link can be enough to compromise a device.
A Meta spokesperson said the campaign targeted fewer than 10 WhatsApp users, primarily in Jordan and Lebanon, according to Engadget. The spokesperson added that Meta had not found evidence that any of the identified targets were successfully compromised.
Legal battle over Pegasus spyware continues
The latest filing marks another chapter in Meta’s long-running case against NSO Group.
Meta sued the company in 2019, alleging that NSO used WhatsApp infrastructure to deploy Pegasus spyware against journalists, human rights activists, political dissidents, and other targets. Pegasus has been linked to surveillance operations worldwide and has drawn scrutiny from governments, privacy advocates, and cybersecurity researchers.
Last year, a US court awarded damages to Meta and issued a permanent injunction prohibiting NSO from targeting WhatsApp users. Although a judge later reduced the damages award from $167 million to $4 million, the injunction remained in place.
“Last year, WhatsApp made history by securing a landmark verdict and permanent injunction barring NSO Group … from targeting WhatsApp and its users ever again,” according to the company blog post.
NSO did not immediately respond to Reuters’ request for comment.
Meta calls spyware a national security threat
Meta used the announcement to argue that commercial spyware remains a broader threat to governments, businesses, and individuals.
The company pointed to testimony from NSO’s chief executive during court proceedings that described how the company seeks multiple pathways into devices, including browsers, operating systems, and third-party applications.
Meta also announced a financial contribution to the Spyware Accountability Initiative, a program that supports digital rights organizations, forensic researchers, and advocacy groups investigating spyware activity worldwide.
The company published several domains it said were linked to the recent phishing activity and encouraged users to report suspicious messages, keep software updated, and enable stronger account security protections.
Messaging apps remain a major target for attackers, and malicious WhatsApp and Slack alerts show how trusted notifications can become a security risk for millions of Android users.