WhatsApp said it has disrupted a new hacking campaign linked to NSO Group, a spyware maker that has been caught in countless cases of abuse all over the world. The messaging app maker has accused NSO of violating an earlier court order barring the company from targeting WhatsApp and its users with its spyware and is seeking to hold NSO in contempt of court.
On Monday, the Meta-owned chat app announced that it “caught and disrupted spear phishing attempts linked to NSO” after an investigation prompted by user reports. “They tried to trick people into clicking on malicious links to take them to external websites outside of WhatsApp,” the company wrote. “We also caught them creating test accounts and groups on WhatsApp, which we took down.”
WhatsApp said the attacks were similar to another phishing campaign that relied on users clicking on malicious links that would lead to targets being infected with NSO’s Pegasus spyware, a campaign that was reported in Jordan in 2024.
NSO did not respond to TechCrunch’s request for comment.
Last year, as part of a multi-year lawsuit initiated by WhatsApp against NSO, a court ordered the spyware maker to stop targeting WhatsApp and its users. WhatsApp claimed that the new phishing campaign revealed on Monday violated this standing order and therefore filed a contempt order against NSO.
The order stems from a 2019 mass hacking campaign by NSO that targeted more than 1,400 WhatsApp users. After the discovery, WhatsApp notified the victims and sued the spyware maker. A court ordered NSO to pay $167 million in damages, which was later reduced to $4 million.
Over the past decade, security researchers, journalists and tech companies like WhatsApp have documented dozens of cases where government hackers used NSO’s spyware to target and hack the phones of journalists, dissidents, human rights workers and political opponents. Tech companies have responded in a number of ways: publicly exposing these hacking campaigns, notifying victims, filing lawsuits against spyware makers, and launching new special security features designed to make devices and apps harder to hack, especially by government customers armed with powerful spyware like NSO’s Pegasus.
At the same time, the US government also pressured NSO by placing it on a blacklist and imposed sanctions on other spyware makers such as Intellexa and its founder.
Last year, a group of US investors bought NSO in hopes of cleaning up the company’s reputation, as well as lobbying the US government to lift its measures against the company.
While NSO continues its plan to enter the US market, the US government has not yet removed NSO from the US Commerce Department’s blacklist.
