What NSO Pegasus spyware is and why WhatsApp users are in the crosshairs
NSO Pegasus spyware is a commercial surveillance tool that can covertly infect smartphones through phishing links or software flaws and then turn them into round-the-clock tracking devices, capturing messages, calls, location, and even microphone and camera feeds for whoever controls the spyware. Meta now says NSO Group, the company behind Pegasus, has resumed WhatsApp phishing attacks despite a permanent court order telling it to stop. Investigators linked the latest activity to “NSO‑linked social engineering attempts” that tried to lure targets into tapping malicious links and visiting external sites outside WhatsApp. Pegasus has previously been used to target journalists, lawyers, opposition politicians, and human rights workers, which makes these renewed WhatsApp phishing attacks a serious mobile security threat. Even with end‑to‑end encryption, a compromised phone gives an attacker access before or after messages are encrypted, so user behavior and device security matter as much as app design.
Meta’s new findings: phishing links, test accounts, and a contempt motion
Meta reports that it disrupted fresh WhatsApp phishing activity it attributes to NSO Group after investigating user reports of suspicious messages and links. The attacks copied earlier one‑click WhatsApp phishing attacks, using social engineering to push people to tap shortened or disguised URLs that load malicious websites in a browser rather than inside the app. Meta says it also removed NSO‑linked test accounts and WhatsApp groups created to trial or stage these operations. WhatsApp has publicly shared several domains tied to the campaign, including fr24cast[.]com, ghazacast[.]com, and ikhwancast[.]com, to help users and security teams spot related activity across SMS, email, and other messengers. According to Meta, this behavior violates a permanent injunction that bars NSO from targeting WhatsApp or its users, so the company has asked a US federal court to hold the spyware vendor in contempt of that order.
Legal pressure versus determined spyware vendors
The clash between Meta and NSO has already produced high‑profile legal outcomes, but those decisions have not stopped attempted attacks. A US court previously found NSO liable for using WhatsApp infrastructure to deploy Pegasus against more than 1,400 people, and a jury initially awarded Meta approximately USD 168 million (approx. RM774,000,000) in damages before the judge cut the sum while issuing a permanent injunction. NSO was also added to the US Commerce Department’s Entity List for activities said to be contrary to national security and foreign policy interests. Despite this, Meta says it continues to see NSO‑linked attempts against WhatsApp users. This pattern shows that court orders and blacklists alone cannot fully deter surveillance‑for‑hire firms whose business model depends on breaching popular platforms. For everyday users, it means security can’t be outsourced to legal systems; personal defenses are essential.
How NSO Pegasus spyware abuses trust and everyday mobile habits
Pegasus is dangerous not only because of its technical sophistication, but because its operators lean on human trust and routine habits to get a foothold. NSO‑linked WhatsApp phishing attacks have used social‑engineering messages that appear to come from colleagues, contacts, or organizations the target expects to hear from, lowering suspicion when a link is sent. Once a victim taps a malicious URL, their browser may be used to exploit the device and silently install spyware. Even though WhatsApp messages and calls are end‑to‑end encrypted by default, Pegasus sidesteps that protection by infecting the phone itself: once the device is under control, attackers can read messages before encryption or after decryption, activate microphones, and track movements. This makes Pegasus a standout example of modern mobile security threats, where attackers focus on the device and the person, not just the app or network.
Spyware protection tips for WhatsApp and your phone
You can’t control what NSO or other surveillance vendors do, but you can make your WhatsApp account and phone a much harder target. First, enable WhatsApp’s two‑step verification so an attacker who steals your SMS code cannot easily take over your account. Turn on strict privacy settings: limit “Last seen and online,” profile photo, About, and profile links to contacts only, and consider switching off link previews so you see raw URLs instead of embedded cards. Treat links with suspicion, even from people you know—confirm unexpected requests through a separate channel before tapping. Keep your phone’s operating system and WhatsApp updated, since patches often close serious security holes. If you think you are at higher risk—because of your job, activism, or public profile—use WhatsApp’s stricter account protection features, report any strange messages through the app, and talk to a trusted security professional about additional hardening.
