WhatsApp Thwarts NSO Group's New Spyware Attacks Amid Court Violations
TL;DR
- WhatsApp says it disrupted a new spear-phishing campaign linked to NSO Group after user reports triggered an investigation.
- The company is now asking a U.S. federal court to hold NSO in contempt, arguing the campaign violated a permanent injunction barring attacks on WhatsApp and its users.
- The case underscores the broader fight between messaging platforms and spyware makers, with WhatsApp framing the incident as part of an ongoing effort to stop Pegasus-related abuse.
WhatsApp Thwarts NSO Group's New Spyware Attacks Amid Court Violations
WhatsApp says it has blocked a fresh round of phishing attempts linked to NSO Group, escalating an already bitter legal fight with the Israeli spyware maker. The Meta-owned messaging app says the campaign broke a court order that had permanently barred NSO from targeting WhatsApp and its users, and it is now seeking to have the company held in contempt.
New phishing campaign detected
According to WhatsApp, the latest activity involved spear-phishing attempts designed to lure users into clicking malicious links that redirected them to external websites outside the app. The company said the investigation began after user reports and that it also found NSO-linked actors creating test accounts and groups on WhatsApp, which were removed.
WhatsApp said the tactics were similar to earlier phishing operations associated with NSO’s spyware ecosystem, including campaigns that used malicious links as an entry point for Pegasus infections. The company did not say how many users may have been targeted, but it described the campaign as a deliberate effort to trick people into giving attackers access to their devices or data.
The court order at the center of the dispute
The new allegations matter because WhatsApp says NSO was already under a permanent injunction forbidding it from targeting WhatsApp and its users. In its latest filing, WhatsApp argues that the new campaign violated that order and asks the court to enforce it through contempt proceedings.
This comes after years of litigation over NSO’s use of Pegasus against WhatsApp users. In 2025, a federal jury ordered NSO to pay roughly $168 million in damages after finding it had targeted more than 1,400 WhatsApp users. The new filing suggests WhatsApp is now trying to move beyond damages and force compliance with the earlier ban.
Why WhatsApp says this matters
WhatsApp has repeatedly cast the dispute as part of a broader battle against commercial spyware firms that sell tools to governments and other customers for surveillance purposes. In its public statement, the company said the court had been clear that NSO violated federal and state hacking laws, and that the latest activity shows the company ignored the injunction.
The messaging platform has long been one of NSO’s most visible adversaries. Earlier reporting connected WhatsApp exploitation to spyware delivery chains that used app vulnerabilities or social engineering to compromise phones, including past campaigns alleged to have affected journalists, activists, and human rights groups. WhatsApp’s current position is that stopping phishing infrastructure is just as important as patching technical vulnerabilities, because attackers often rely on deceptive links and social engineering to begin the infection process.
NSO’s legal and reputational pressure
NSO Group has faced mounting scrutiny for years over allegations that its tools were used in abusive surveillance campaigns around the world. The company has also been the target of U.S. sanctions and export restrictions in past reporting, reflecting broader concern about the misuse of spyware technology.
The latest contempt request raises the stakes because it frames NSO not just as a repeat offender, but as a company allegedly violating a specific court order designed to stop further abuse. If the court agrees, NSO could face additional legal consequences on top of the damages verdict it already lost.
What to watch next
The immediate question is whether the court will accept WhatsApp’s argument that the new activity was sufficiently connected to NSO to justify contempt sanctions. Another key issue is whether WhatsApp can show that the phishing campaign was coordinated as part of a broader spyware operation rather than isolated malicious activity.
More broadly, the case could become another important test of how far courts can go in restraining spyware vendors whose tools operate across borders and through intermediaries. For now, WhatsApp says it has blocked the latest campaign, but the legal and technical fight with NSO appears far from over.
Get All The Latest Updates Delivered Straight To Your Inbox For Free!