WhatsApp says NSO Group is at it again. The Meta-owned messaging platform has detected and disrupted a new spear-phishing campaign linked to the infamous Israeli spyware maker — a direct violation of a permanent court injunction that explicitly bars NSO from targeting WhatsApp and its users.
A Years-Long Legal Battle
WhatsApp first sued NSO Group in 2019 after discovering that a zero-click vulnerability in the app had been exploited to deliver Pegasus spyware to journalists, activists, and government officials. The case dragged through the courts for years: in December 2024, a judge ruled NSO liable. By May 2025, a jury hit the company with over $444,000 in compensatory damages and a staggering $167 million in punitive damages.
NSO appealed. In October 2025, the court reduced punitive damages to $4 million but issued a permanent injunction — a legal wall meant to stop NSO from ever targeting WhatsApp users again. NSO has been fighting to overturn that injunction ever since, arguing it would cause "irreparable harm" to the company.
The New Attack
According to WhatsApp, the company recently uncovered a social engineering campaign designed to trick users into clicking malicious links — a technique consistent with previously documented one-click phishing operations tied to NSO. The attackers also created test accounts and groups to refine their approach, all of which have since been disabled.
WhatsApp has published a small set of domains as indicators of compromise but says the fingerprints all point back to NSO. The company isn’t mincing words: "We’re filing a federal court contempt order against NSO for violating a permanent injunction that barred them from ever targeting WhatsApp and its users."
Why This Matters Beyond One Company
The implications here go far beyond WhatsApp and NSO. Nearly a dozen civil society organizations recently filed an amicus brief with the Ninth Circuit Court of Appeals urging it to uphold the lower court’s injunction. Governments worldwide have struggled to hold commercial spyware vendors accountable, and a contempt finding could set a meaningful precedent.
To back up its legal action, WhatsApp is also making a "significant contribution" to the Spyware Accountability Initiative, a fund dedicated to exposing and stopping spyware abuse globally.
What’s Next
The contempt filing could result in additional sanctions or fines against NSO, but the real question is whether a company already facing hundreds of millions in damages will actually feel the pressure. NSO has continued operating throughout this entire legal saga. Court watchers will be watching to see if this contempt move finally moves the needle — or if it’s just another speed bump in the spyware industry’s playbook.
