What Meta’s New Contempt Fight With NSO Group Is About
Meta’s escalating legal fight with NSO Group centers on allegations that the spyware vendor keeps running phishing campaigns and deploying its Pegasus tool against WhatsApp users despite a permanent court order telling it to stop, raising hard questions about how well laws can protect people from commercial surveillance-for-hire. Meta says it recently detected spear-phishing attacks linked to NSO Group’s Pegasus spyware that tried to lure WhatsApp users onto malicious external sites via “1-click” links. These operations reportedly continued after a federal court issued a permanent injunction banning NSO from targeting WhatsApp or its users, following an earlier case over Pegasus infections of about 1,400 accounts. By asking the court to hold NSO in contempt, Meta is pressing for stronger consequences while trying to reassure users that WhatsApp’s security can withstand persistent spyware campaigns against users worldwide.

Inside the New WhatsApp Phishing Attacks Tied to Pegasus
Meta reports that the latest WhatsApp phishing attacks mirrored previous “1-click” campaigns: highly tailored messages carrying links that, once tapped, redirect victims to hostile sites where spyware can be delivered. The company says NSO-linked operators also created test WhatsApp accounts and groups, which were later removed, and used domains such as fr24cast[.]com, ghazacast[.]com and ikhwancast[.]com to host the malicious infrastructure. The goal of these spear-phishing attempts is to compromise devices, bypassing passwords or additional prompts by relying on a single, well-crafted click. Pegasus is known for turning phones into near-total surveillance devices that can read messages, activate microphones and track location. While WhatsApp’s end-to-end encryption protects message contents in transit, these attacks target the device itself, demonstrating that phishing remains a powerful delivery route for spyware even on encrypted messaging platforms.

Court Orders, Sanctions and the Limits of Legal Pressure
Meta’s contempt motion builds on years of legal and regulatory action against NSO Group. WhatsApp first sued NSO in 2019 over a campaign that used its servers to infect about 1,400 users with Pegasus. A U.S. court later issued a permanent injunction forbidding NSO from targeting WhatsApp or its users and ordered monetary damages, originally set at approximately USD 168 million (approx. RM772.8 million) before being reduced to USD 4 million (approx. RM18.4 million). NSO also landed on a U.S. government blocklist for activities described as contrary to national security or foreign policy interests. Yet Meta now alleges NSO kept attacking, suggesting limited deterrent effect. According to Meta, the new attempts form “a pattern of behavior” that ignores the court order and shows how well-funded spyware vendors can treat fines, sanctions and injunctions as operating costs rather than red lines.

What This Means for Messaging App Security and Users
The Meta–NSO clash highlights a structural problem for messaging app security: even when encryption is strong, attackers can still go around it by hacking the device. Pegasus is sold as a tool for law enforcement, yet investigations have tied NSO Group’s Pegasus spyware to campaigns against journalists, human rights defenders and opposition figures, turning commercial spyware into a broad threat to privacy. Meta’s disruption of recent WhatsApp phishing attacks shows that platform-level defenses, threat intelligence and rapid takedowns can block specific operations. But it also underlines that state-linked actors and surveillance vendors will keep testing new paths. Users who face higher risks, such as activists or reporters, should use stricter settings, including two-step verification, disabling link previews and restricting profile visibility to contacts, while treating unexpected links or calls as potential entry points for spyware.

Practical Steps WhatsApp Users Can Take Now
For everyday WhatsApp users, the court order and Meta’s contempt motion are background battles; the immediate issue is reducing exposure to WhatsApp phishing attacks. Start by keeping WhatsApp and your phone’s operating system updated, since many Pegasus-style tools rely on unpatched flaws. Enable two-step verification in WhatsApp so an attacker cannot easily hijack your account even if they gain temporary access to your device. Consider turning off link previews and be cautious with links sent through messages, especially from unknown numbers or accounts impersonating officials or companies. Meta recommends locking “last seen,” online status, profile photo and About details to contacts only, to reduce information attackers can use for social engineering. Finally, report suspicious messages or calls within the app. Platform teams can only disrupt malicious infrastructure and campaigns at scale if they see what is reaching users on the ground.






