WhatsApp has accused Israeli spyware company NSO Group of carrying out a new hacking campaign despite a US court order that bars the company from targeting the messaging platform and its users.
The Meta-owned platform said on Monday that it had uncovered and stopped a series of spear-phishing attempts linked to NSO after receiving reports from users.
According to WhatsApp, the attackers tried to lure targets into clicking malicious links that directed them to websites outside the app.
“They tried to trick people into clicking on malicious links to drive them to external websites outside of WhatsApp,” the company wrote. “We also caught them creating test accounts and groups on WhatsApp, which we took down.”
WhatsApp said the operation shared similarities with another campaign uncovered in Jordan in 2024. In that case, victims who clicked malicious links were infected with Pegasus, NSO Group’s spyware.
Following its latest findings, Meta has asked a US federal court to hold NSO in contempt, arguing that the company breached a permanent injunction issued during a long-running case between both firms.
The court order stemmed from a 2019 hacking campaign in which more than 1,400 WhatsApp users were targeted through the platform. After discovering the breach, WhatsApp alerted affected users and filed a lawsuit against NSO.
A jury later ordered the spyware maker to pay $167 million in damages. That amount was subsequently reduced to $4 million.
The latest court filing is another chapter in an issue that has lasted several years and drawn attention to the high use of commercial spyware around the world.
NSO Group has been repeatedly cautioned over Pegasus, a surveillance tool capable of infiltrating mobile devices through so-called “zero-click” and “one-click” attacks.
Investigations by journalists, security researchers and technology companies have linked the spyware to operations targeting journalists, activists, dissidents, human rights defenders and political opponents in several countries.
WhatsApp said it has continually exposed suspected spyware campaigns, notified victims and strengthened protections for users who may face a higher risk of digital surveillance.
Other technology companies, including Apple and Google, have also introduced additional security measures designed to help protect users from advanced spyware attacks.
Meta’s latest legal action has attracted support from civil society groups. A coalition of 12 civil rights organisations, privacy advocates and security researchers has filed court briefs backing the company’s position and urging the court to maintain pressure on NSO.
The spyware maker is also still under pressure from the US government. NSO is still listed on the US Commerce Department’s Entity List, a designation that restricts its access to American technology.
Washington has imposed similar measures on other spyware firms, including Intellexa and its founder.
In 2025, a group of US investors acquired NSO and began efforts to rebuild the company’s reputation while seeking the removal of US restrictions. However, the company remains on the Commerce Department blocklist.
The NSO Group did not respond to requests for comment on the latest allegations from WhatsApp.
