Meta disclosed new spear phishing attempts linked to NSO Group targeting fewer than 10 WhatsApp users, mainly in Jordan and Lebanon, in a campaign that included malicious links and the creation of test accounts on WhatsApp [1, 2, 3, 4].
These attacks violate a permanent injunction issued after a 2025 US court case, where Meta was initially awarded $167 million in damages against NSO for hacking over 1,400 WhatsApp users but saw the amount later reduced to $4 million [1, 2, 5, 3, 4]. Meta filed a federal court motion seeking to hold NSO in contempt for breaching that injunction [1, 2, 5, 3, 4].
The spear phishing campaigns directed users to malicious websites outside WhatsApp. Meta disclosed related domains publicly to warn users but stated it has not detected any actual compromise among the targets to date [1, 4].
NSO Group is an Israeli company blacklisted by the US government since 2021 due to activities contrary to US national security interests, primarily for developing Pegasus spyware. Pegasus exploits WhatsApp vulnerabilities to monitor phones and harvest data [1, 2, 5, 3].
NSO has challenged the permanent injunction and appealed a motion to stay it. Meta, with support from civil rights organizations, has opposed the appeal through amicus briefs filed last month [2, 5].
John Scott-Railton, senior researcher at Citizen Lab, described NSO’s alleged violation as “an astonishing signal of hubris” and said it suggests either overconfidence in avoiding detection or a belief they could evade consequences [1].
The original WhatsApp hacking campaign by NSO was uncovered in 2019, prompting Meta’s lawsuit [3]. The latest legal filings come after the recently disclosed attacks on June 8 and 9, 2026 [1, 2, 5, 3, 4].
The next step is the court’s pending ruling on Meta’s contempt motion against NSO, which follows NSO’s ongoing legal efforts to overturn the injunction.