WhatsApp Catches NSO in New Spyware Sting, Moves to Drag Company Back Into Court
The battle between WhatsApp and NSO Group is far from over.
In a dramatic new escalation, Meta-owned messaging giant WhatsApp says it recently detected and disrupted a spear-phishing campaign linked to the notorious spyware developer—despite a standing court order explicitly prohibiting NSO from targeting the platform and its users.
According to WhatsApp, the operation bore the hallmarks of a classic social engineering attack. Victims were lured toward malicious links in an apparent attempt to gain access to devices and sensitive information. While the company has released only a handful of indicators of compromise, investigators say the infrastructure and tactics closely resemble previous one-click phishing operations attributed to NSO.
For WhatsApp, the discovery isn't just another cyberattack—it's a direct challenge to a legal injunction won after years of courtroom warfare.
The feud dates back to 2019, when WhatsApp sued NSO Group after attackers exploited a zero-day vulnerability to secretly deploy spyware against users. What followed was one of the most closely watched legal battles in the cybersecurity industry.
In December 2024, a judge ruled NSO liable for its actions. Months later, a jury hit the spyware firm with more than $167 million in punitive damages alongside additional compensation awards. Although portions of the penalty were later reduced on appeal, the court delivered a far more significant blow: a permanent injunction forbidding NSO from targeting WhatsApp or its users ever again.
NSO has spent the months since attempting to overturn that order, arguing that the restrictions would cause the company "irreparable harm."
Now, WhatsApp says the spyware maker may have crossed the line once again.
The company revealed that its security teams not only detected the phishing infrastructure but also uncovered attacker-controlled test accounts and groups being used to support the campaign. Those assets have since been disabled, but WhatsApp says the response will not stop there.
The messaging giant is preparing to return to federal court, accusing NSO of violating the injunction and seeking contempt sanctions against the company.
"We're filing a federal court contempt order against NSO for violating a permanent injunction that barred them from ever targeting WhatsApp and its users," the company stated.
The latest allegations arrive as pressure continues to mount on the spyware industry. Nearly a dozen civil society organizations have already urged the Ninth Circuit Court of Appeals to preserve the injunction, warning that weakening the ruling could open the door to further abuse by commercial surveillance vendors.
At the same time, WhatsApp is taking the fight beyond the courtroom. The company announced a significant contribution to the Spyware Accountability Initiative, a program dedicated to exposing, investigating, and disrupting the misuse of spyware technologies worldwide.
The message from WhatsApp is clear: the company believes NSO's campaign isn't merely a violation of platform rules—it's a violation of a federal court order.
And if the allegations prove true, the next chapter of this long-running cyber espionage saga may play out not on users' phones, but once again inside a courtroom.
