Meta announced on June 8 that WhatsApp disrupted a spear-phishing campaign linked to NSO Group, the Israeli spyware firm known for its Pegasus surveillance software. The company filed a motion asking a US federal court to hold NSO in contempt for violating a permanent injunction issued in 2025 that barred NSO from targeting WhatsApp and its users.
As per Meta:
We successfully disrupted NSO-linked social engineering attempts, after investigating user reports. They tried to trick people into clicking on malicious links to drive them to external websites outside of WhatsApp, similar to previously reported 1-click phishing campaigns linked to NSO. We also caught them creating test accounts and groups on WhatsApp, which we took down.
The campaign used deceptive links designed to push victims off WhatsApp to external sites. Meta said the phishing attempts targeted fewer than 10 WhatsApp users, primarily in Jordan and Lebanon, and failed after users reported the suspicious activity. Meta identified and removed test accounts and groups associated with the campaign. Three domains used in the phishing operation are now public, allowing other users to check if they were also targeted.
The attack mirrors an earlier NSO-linked phishing campaign that used similar techniques to deliver the Pegasus spyware.
“They tried to trick people into clicking on malicious links to drive them to external websites outside of WhatsApp,” Meta stated in a blog post.
Had recipients clicked the links, hackers likely would have gained access to the private contents of their phones or WhatsApp accounts.
The contempt filing connects to a broader lawsuit spanning six years. In 2019, Meta engineers discovered NSO was using Pegasus to target roughly 1,400 WhatsApp users, including human rights activists, journalists, and diplomats.
In 2024, a federal judge found NSO liable for the hacking attacks and initially ordered the company to pay $167 million in damages. That award was later reduced to $4 million.
As Meta pledges:
As always, WhatsApp users’ personal messages and calls remain protected with default end-to-end encryption. We encourage people to keep their apps and devices up to date and report suspicious activity so we can investigate and take action. For those who believe they may be targeted by sophisticated cyber attacks, we strongly recommend enabling strict account settings to harden their WhatsApp account even more.
