Meta-owned WhatsApp has identified and disrupted a new wave of spear-phishing campaigns linked to NSO Group, the Israeli spyware firm previously barred by a U.S. federal court from targeting the messaging platform and its users. The company is now seeking to have NSO held in contempt, alleging that the latest activity violates a permanent injunction issued after an earlier legal battle.
Court Order Followed Earlier Pegasus Case
The renewed dispute comes after a U.S. federal jury in May 2025 ordered NSO Group to pay $167,254,000 in punitive damages and $444,719 in compensatory damages to WhatsApp over a 2019 campaign that compromised approximately 1,400 users.
According to the report, the original case stemmed from the exploitation of a buffer overflow vulnerability in WhatsApp’s Voice over Internet Protocol stack, which was allegedly used to silently deploy Pegasus spyware. The resulting court order permanently barred NSO from targeting WhatsApp and its users again.
Court filings cited in the report also alleged that NSO continued developing exploit tools and malware vectors even after the lawsuit was initiated.
New Phishing Activity Detected and Disrupted
WhatsApp said its latest investigation was triggered by user reports and uncovered accounts linked to NSO that were allegedly attempting to lure users into clicking malicious external links. The activity was described as a one-click phishing technique previously associated with the spyware company.
The campaign reportedly targeted fewer than 10 users in Jordan and Lebanon. A Meta spokesperson said no successful device compromises were detected. WhatsApp also said it identified and removed test accounts and groups allegedly created to facilitate the attacks.
The company has petitioned a U.S. federal court to hold NSO in contempt, arguing that the alleged targeting activity represents a direct violation of the permanent injunction.
Broader Spyware Accountability Efforts Continue
The report said NSO’s chief executive had acknowledged in court that the company actively seeks methods to access devices through browsers, operating systems and third-party applications, highlighting the breadth of its surveillance capabilities.
WhatsApp said it has received support from civil rights organisations. In May 2026, 12 civil rights groups filed amicus briefs backing the permanent injunction against NSO’s appeal.
The company has also contributed financially to the Spyware Accountability Initiative, a fund that supports forensic research organisations, advocacy groups and user-support networks. The report noted that Citizen Lab, a long-time technical partner in spyware investigations, has previously conducted research that contributed to a major Apple security update protecting more than a billion devices.
The report further listed several domains that investigators linked to phishing infrastructure associated with the campaign and urged users and defenders to scan communication platforms for related indicators.