WhatsApp says it recently detected and disrupted a hacking attempt linked to spyware company NSO Group, which is based in Israel.
The Meta-owned messaging app said the attack appeared to violate a court order banning NSO from targeting WhatsApp and its users. Meta is now asking a federal court to hold NSO accountable over the alleged violation.
How The Attack Worked
WhatsApp said the attackers used social engineering to try to trick users into clicking on malicious links.
The links directed users to websites outside WhatsApp. Meta said the attempt resembled previously reported one-click phishing campaigns linked to NSO, where a single click on a malicious link can be enough to compromise a device.
WhatsApp has shared some domains as indicators of compromise so users and security teams can check whether they were targeted across WhatsApp, text messages, email, or other platforms.
Test Accounts Disabled
WhatsApp said it also found the attackers creating test accounts and groups on its platform.
The company said it took down those accounts and groups after discovering the activity. It also said further action is being taken.
Legal Dispute
WhatsApp sued NSO in 2019 after a zero-day vulnerability was used to deliver spyware to users.
In December 2024, a judge ruled that NSO was liable in the case. In May 2025, a jury ordered NSO to pay more than $444,000 in compensatory damages and $167 million in punitive damages, according to SecurityWeek.
In October 2025, a judge reduced the punitive damages to $4 million but granted WhatsApp a permanent injunction barring NSO from hacking WhatsApp users. NSO has been trying to overturn the injunction, arguing that it would suffer irreparable harm.
WhatsApp’s Court Request
WhatsApp said NSO has now violated that permanent injunction.
“We’re filing a federal court contempt order against NSO for violating a permanent injunction that barred them from ever targeting WhatsApp and its users,” WhatsApp said in its update.
Reuters reported that NSO did not immediately respond to a request for comment.
Spyware Accountability Fund
WhatsApp also said it is making a significant contribution to the Spyware Accountability Initiative.
The fund supports organizations working on forensic research, user support, advocacy, and efforts to expose and stop spyware abuse.
WhatsApp said spyware remains a national security threat and pointed to the risks posed by surveillance-for-hire firms to journalists, government officials, military personnel, humanitarian organizations, and other targets.
WhatsApp’s Claims
WhatsApp said users’ personal messages and calls remain protected by default end-to-end encryption.
The company advised users to keep apps and devices updated and report suspicious activity. It also recommended stricter account settings for people who believe they may be targeted by advanced cyberattacks.
