CALIFORNIA — Meta is filing a federal court contempt order against NSO Group, alleging the company violated a permanent injunction that prohibits it from targeting WhatsApp and its users. WhatsApp also removed test accounts and groups created by NSO from its platform after disrupting a recent spear phishing attempt.
WhatsApp linked the recent phishing campaign to NSO based on similarities to previously reported one-click campaigns tied to the company. A one-click cyberattack compromises a victim's device or account with a single click on a malicious link or attachment without requiring credential entry. Pegasus spyware, classified as offensive cyber software, exploits software vulnerabilities to bypass existing device and operating system defenses.
WhatsApp initially filed a lawsuit against NSO in 2019 after engineers detected and blocked an NSO attack using Pegasus spyware that targeted over a thousand users. In December 2024, a U.S. court ruled NSO liable in that lawsuit. A jury subsequently ordered NSO to pay more than $444,000 in compensatory damages and $167 million in punitive damages in May 2025. In October 2025, a judge reduced the punitive damages owed by NSO from $167 million to $4 million.
A U.S. court granted the company a permanent injunction, prohibiting NSO from hacking WhatsApp users. NSO appealed the injunction, arguing that the order would cause the company irreparable harm. Twelve civil society organizations and digital rights experts filed amicus briefs with the Ninth Circuit Court of Appeals to oppose NSO's appeal. A company spokesperson said, "We're filing a federal court contempt order against NSO for violating a permanent injunction that barred them from ever targeting WhatsApp and its users."
The U.S. government has blacklisted NSO Group for engaging in activities contrary to national security or foreign policy interests. The company stated it is contributing to the Spyware Accountability Initiative, a fund supporting efforts to expose and stop spyware abuse. A company spokesperson said, "As always, WhatsApp users' personal messages and calls remain protected with default end-to-end encryption. We encourage people to keep their apps and devices up to date and report suspicious activity so we can quickly investigate and take action."