WhatsApp Uncovers New NSO Group-Linked Spearphishing Campaign Despite Court Ban 

WhatsApp has revealed that it recently disrupted a new wave of spearphishing attempts linked to the Israeli spyware company NSO Group. The discovery comes despite a permanent U.S. court injunction that previously barred NSO from targeting WhatsApp and its users. Meta, WhatsApp’s parent company, said the latest activity suggests that efforts connected to the spyware maker have continued even after legal restrictions were put in place.

According to Meta, the attacks resembled earlier “one-click phishing” campaigns. In these attacks, victims receive a message containing a malicious link and only need to click it once for their device to be exposed to potential compromise. Unlike traditional phishing schemes that often require passwords or additional interaction, a single click can be enough to start the infection process.

WhatsApp said it identified and removed test accounts and groups that were allegedly being used as part of the operation. The company did not disclose extensive technical details about the campaign, but stated that the activity was linked to infrastructure associated with NSO. Security teams acted quickly to shut down the accounts before they could be used more broadly against targets.

The company believes the campaign was connected to attempts to deliver Pegasus, the spyware platform developed by NSO Group. Pegasus has been at the center of multiple international controversies because of its alleged use against journalists, activists, political opponents, and members of civil society. NSO has repeatedly stated that its technology is intended for government customers investigating crime and terrorism.

Meta’s latest findings have intensified an already lengthy legal dispute between the two companies. WhatsApp sued NSO Group in 2019 after discovering that spyware had been deployed against approximately 1,400 users through a vulnerability in the messaging platform. Those targeted included journalists, human rights defenders, and other civil society members across multiple countries.

In previous court proceedings, a U.S. court found NSO liable for unlawful activities involving WhatsApp users. A later ruling permanently prohibited the company from targeting WhatsApp or using the platform to distribute spyware. Meta now argues that the newly discovered spearphishing activity may represent a violation of those court-ordered restrictions and has moved to seek further legal action.

The development has also attracted support from privacy advocates, security researchers, and civil rights organizations. Meta said that several prominent groups have backed its position in the ongoing legal battle and are urging courts to uphold restrictions against spyware operators. Many experts view the case as a major test of accountability within the commercial spyware industry.

The incident serves as another reminder that spearphishing remains one of the most effective cyberattack methods. Even highly secure platforms can be targeted through social engineering techniques designed to trick users into clicking malicious links. WhatsApp says it will continue monitoring for abuse, protecting users, and taking action against entities that attempt to use its platform to deliver surveillance tools or spyware.

Stay alert, and keep your security measures updated!

Source: Follow cybersecurity88 on X and LinkedIn for the latest cybersecurity news