WhatsApp said it disrupted a new hacking campaign linked to NSO Group, a spyware maker that has been caught in countless cases of abuse around the world. The messaging app maker accused NSO of violating a previous court order barring the company from targeting WhatsApp and its users with its spyware, and is seeking to hold NSO in contempt of court.
On Monday, the Meta-owned chat app announced that it “caught and disrupted spear phishing attempts linked to NSO” following an investigation prompted by user reports. “They tried to trick people into clicking on malicious links to take them to external websites outside of WhatsApp,” the company wrote. “We also caught them creating test accounts and groups on WhatsApp, which we removed.”
WhatsApp said the attacks were similar to another phishing campaign that relied on users clicking on malicious links, which would then lead to the targets being infected with NSO’s spyware Pegasus, a campaign that was reported in Jordan in 2024.
NSO did not respond to TechCrunch’s request for comment.
Contact us
Do you have more information about NSO Group? Or other spyware manufacturers? We would love to hear from you. From a non-working device and network, you can contact Lorenzo Franceschi-Bicchierai securely on Signal at +1 917 257 1382 or via Telegram and Keybase @lorenzofb or email.
Last year, as part of a year-long lawsuit brought by WhatsApp against NSO, a court ordered the spyware maker to stop targeting WhatsApp and its users. WhatsApp claimed that the new phishing campaign revealed on Monday violated this permanent injunction and as such filed a contempt against the NSO.
The order stems from a 2019 mass hacking campaign by NSO that targeted more than 1,400 WhatsApp users. After the discovery, WhatsApp notified the victims and sued the spyware manufacturer. A jury ordered NSO to pay $167 million in damages, which was later lowered to $4 million.
Over the past decade, security researchers, journalists and technology companies like WhatsApp have documented dozens of cases where government hackers used NSO’s spyware to target and hack the phones of journalists, dissidents, human rights workers and political opponents. Tech companies have responded in several ways: publicly disclosing these hacking campaigns, notifying victims, filing lawsuits against the spyware makers, and launching new special opt-in security features designed to make devices and apps harder to hack, specifically by government customers armed with powerful spyware, like NSO’s Pegasus.
At the same time, the US government has also put pressure on NSO by blacklisting it and imposing sanctions on other spyware makers such as Intellexa and its founder.
Last year, a group of US investors bought NSO in the hope of cleaning up the company’s reputation, as well as lobbying the US government to lift its measures against the company.
While NSO continues with its plan to enter the US market, the US government has not yet removed NSO from the US Commerce Department’s block list.
When you buy through links in our articles, we may earn a small commission. This does not affect our editorial independence.