What NSO’s Pegasus Spyware Is and Why WhatsApp Users Should Care
NSO Pegasus spyware is a commercial surveillance tool that can covertly seize control of a smartphone through WhatsApp phishing attacks and turn it into a persistent, round-the-clock monitoring device. Once Pegasus infects a phone, it can access messages, calls, location data, the microphone, and the camera, making it one of the most dangerous mobile security threats users face. Meta first sued NSO after Pegasus was delivered to roughly 1,400 WhatsApp users in a single operation, triggering years of legal and technical countermeasures. Despite WhatsApp’s end-to-end encryption, attackers keep probing the wider ecosystem through social engineering, malicious links, and one-click exploits that sit outside the encrypted channel itself. This combination of powerful spyware and convincing phishing lures means that journalists, activists, officials, and ordinary users can all become targets, often with little or no visible sign that anything has gone wrong on their device.

New WhatsApp Phishing Attacks: How NSO Allegedly Broke a Court Order
Meta reports that NSO Group continued launching WhatsApp phishing attacks even after a federal court issued a permanent injunction banning it from targeting the service and its users. According to Meta, its security teams recently detected spear-phishing campaigns that mirrored earlier one-click attacks, where a single tap on a malicious link can trigger Pegasus installation. Meta said it found NSO-linked test accounts and WhatsApp groups, which it removed, as well as domains such as fr24cast[.]com, ghazacast[.]com, and ikhwancast[.]com used as lures. These findings prompted Meta to file a contempt motion, arguing that NSO’s behaviour shows disregard for court-ordered restrictions. The legal clash builds on an earlier ruling in which a U.S. court ordered NSO to pay approximately USD 168 million (approx. RM772.8 million) in damages for exploiting WhatsApp servers to deploy Pegasus against more than 1,400 people worldwide.
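
A check for the lure domains Meta named, written as an added example rather than code from Meta or the original article: it refangs the published indicators and matches them against hostnames in proxy or DNS log lines by exact domain or subdomain, so look-alike hosts do not produce false hits. The log lines and function names are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Lure domains exactly as published (defanged) in the article.
DEFANGED_IOCS = ["fr24cast[.]com", "ghazacast[.]com", "ikhwancast[.]com"]

def refang(value):
    """Undo common defanging so indicators compare equal to real hostnames."""
    value = value.replace("[.]", ".")
    return re.sub(r"^hxxp", "http", value, flags=re.IGNORECASE)

BLOCKLIST = {refang(d).lower() for d in DEFANGED_IOCS}
URL_RE = re.compile(r"(?:https?|hxxps?)://[^\s\"'<>]+", re.IGNORECASE)

def host_of(url):
    """Hostname only: drops scheme, userinfo, port, path and a trailing dot."""
    try:
        host = urlsplit(refang(url)).hostname or ""
    except ValueError:  # malformed authority, e.g. unbalanced brackets
        return ""
    return host.rstrip(".").lower()

def matched_indicator(host):
    """Return the listed domain if host is that domain or a subdomain of it."""
    labels = host.split(".")
    for i in range(len(labels) - 1):
        candidate = ".".join(labels[i:])
        if candidate in BLOCKLIST:
            return candidate
    return None

def scan(lines):
    """Yield (line number, host, indicator) for every URL that hits the list."""
    hits = []
    for number, line in enumerate(lines, 1):
        for url in URL_RE.findall(line):
            host = host_of(url)
            indicator = matched_indicator(host)
            if indicator:
                hits.append((number, host, indicator))
    return hits

# Constructed sample log lines (not real traffic).
SAMPLE_LOG = [
    "2025-01-01T10:00:00Z dev-01 GET https://live.fr24cast.com/watch?id=1",
    "2025-01-01T10:00:05Z dev-02 GET https://notfr24cast.com/",
    "2025-01-01T10:00:09Z dev-02 GET https://fr24cast.com.example.net/login",
    "2025-01-01T10:01:00Z ticket note: shared hxxps://ghazacast[.]com/a",
    "2025-01-01T10:02:00Z dev-03 GET https://ikhwancast.com@example.org/",
    "2025-01-01T10:03:00Z dev-04 GET HTTPS://IKHWANCAST.COM./news",
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

Matching on parsed hostname labels rather than substrings is what keeps lines 2, 3 and 5 of the sample from alerting.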

Inside the One‑Click WhatsApp Phishing Playbook
The latest campaigns tied to NSO relied on spear-phishing: carefully crafted WhatsApp messages that push users toward external websites controlled by attackers. These one-click attacks do not necessarily ask for passwords or obvious data. Instead, they attempt to silently exploit the device once the victim taps the link. Meta described these attempts as similar to earlier one-click phishing campaigns linked to NSO, underscoring a pattern of repeated tactics. WhatsApp’s encryption protects message content in transit, but it cannot stop a user from being tricked into opening a malicious page outside the app. That is where Pegasus and other spyware targeting users can take hold, turning a single misstep into a full-device compromise. The sophistication of these lures means even careful users can be deceived, especially when messages appear to come from trusted contacts, familiar organisations, or urgent, high-stakes scenarios.

Meta’s Legal Counterattack and the Limits of Court Orders
Meta’s contempt motion signals a hardened stance against surveillance vendors that keep attacking its platforms despite court rulings. After the permanent injunction barred NSO from targeting WhatsApp, Meta’s discovery of fresh attacks pushed it to ask a judge to find the spyware maker in contempt. The company argues that repeated violations reveal how little NSO fears consequences, even while on a U.S. government blocklist and facing monetary damages. Civil rights groups, security researchers, and digital rights advocates have filed amicus briefs backing Meta’s position, highlighting wider concern over commercial spyware abuse. Yet this legal escalation also exposes the limits of enforcement. Court orders and sanctions do not automatically stop covert operations run across borders and through shell infrastructure. For platform defenders, every ruling is only as strong as their ability to detect, attribute, and disrupt the next wave of attacks in real time.

How to Protect Yourself from Pegasus‑Style WhatsApp Attacks
Even with Meta disrupting recent campaigns, users remain exposed to NSO Pegasus spyware and similar threats, so practical defence steps matter. Treat all unexpected links in WhatsApp as suspicious, especially those promising exclusive content, urgent warnings, or sensitive documents. Meta urges users to keep apps and operating systems updated, since many exploits rely on unpatched flaws. WhatsApp also offers a strict account settings mode for people at higher risk, such as journalists, activists, and public figures. In this mode, two-step verification is turned on, link previews are disabled, and visibility for last seen, online status, profile photo, About details, and profile links is limited to contacts or more private options. Report any suspicious messages or accounts inside WhatsApp so Meta can investigate and block emerging campaigns, and consider using separate devices for sensitive work to reduce the impact of a single compromise.






