WhatsApp has disrupted a new hacking campaign linked to Israeli spyware company NSO Group, accusing the firm of violating a court order that prohibits it from targeting the platform and its users.
The Meta-owned messaging service announced that it uncovered and blocked spear-phishing attempts allegedly connected to NSO after investigating reports from users. According to WhatsApp, the attackers attempted to trick targets into clicking on malicious links that redirected them to external websites designed to facilitate spyware infections.
The company said it also detected and removed several test accounts and groups created on WhatsApp as part of the operation.
WhatsApp noted that the campaign resembled a previous attack uncovered in Jordan in 2024, where victims were lured into clicking malicious links that ultimately infected their devices with Pegasus, NSO Group’s flagship spyware.
The latest allegations come despite a permanent injunction issued against NSO following a lengthy legal battle with WhatsApp. The court order barred the spyware maker from targeting WhatsApp users after the company was found responsible for a 2019 hacking campaign that compromised more than 1,400 accounts.
In response to the newly discovered activity, WhatsApp has filed a contempt motion, arguing that the alleged phishing campaign violates the existing court order.
NSO Group did not immediately comment on the allegations.
The spyware firm has faced years of scrutiny over the use of Pegasus by government clients to monitor journalists, political opponents, human rights activists, and dissidents worldwide. Investigations by security researchers, technology companies, and media organisations have documented numerous cases involving the spyware.
In recent years, technology companies have intensified efforts to counter commercial spyware through legal action, public disclosures, victim notifications, and the introduction of enhanced security features designed to protect users from sophisticated surveillance tools.
The U.S. government has also taken action against NSO, placing the company on a Commerce Department blacklist and restricting its access to American technology. Despite efforts by new investors to rehabilitate the firm’s reputation and re-enter the U.S. market, the restrictions remain in place.
