WhatsApp has caught Israeli spyware firm NSO Group running new targeting campaigns against its users — in direct violation of a permanent court order — and is now asking a federal judge to hold the company in contempt.
Meta filed the contempt action on Monday, arguing NSO violated the permanent injunction that explicitly barred it from ever targeting WhatsApp and its users again. The move escalates what has become one of the most consequential legal battles in the history of commercial spyware.
WhatsApp uncovered the latest activity after investigating reports from users who encountered suspicious messages. The operation involved spear-phishing — targeted social engineering designed to lure specific individuals into clicking malicious links that redirected them to websites outside of WhatsApp.
WhatsApp also took down test accounts and groups that NSO had created on the platform as part of the operation. WhatsApp is releasing threat indicators publicly so that individuals and organizations can check whether they were targeted across any channel — email, SMS, or messaging apps.
Why This Matters
In May 2025, a U.S. federal jury ordered NSO to pay over $167 million in punitive damages following a 2019 campaign that compromised approximately 1,400 users. That case stemmed from NSO exploiting a buffer overflow vulnerability in WhatsApp's VoIP stack to silently deliver Pegasus spyware — a surveillance tool capable of extracting messages, files, location data, and activating a device's microphone and camera.
While a subsequent ruling reduced the punitive damages to $4 million, the permanent injunction remained intact and was seen as a substantial challenge for NSO, which faces ongoing accusations of enabling human rights abuses through Pegasus.
NSO's own CEO confirmed in court that the company actively pursues ways to access phones beyond WhatsApp — including browsers, operating systems, and third-party applications.
A Growing Coalition
WhatsApp isn't fighting alone. Last month, 12 prominent civil rights organizations — security researchers, privacy advocates, and digital rights experts — filed amicus briefs supporting the permanent injunction against NSO's appeal. WhatsApp is also making a significant financial contribution to the Spyware Accountability Initiative (SAI) to help fund organizations defending people against spyware attacks.
WhatsApp's targets in the 2019 campaign included journalists, diplomats, human rights defenders, and other high-risk individuals — a pattern consistent with NSO's reported customer base of government clients.
What Users Should Do
WhatsApp says all personal messages and calls remain protected by default end-to-end encryption. Users should keep apps and devices fully updated and report any suspicious messages or links directly through WhatsApp — those reports were precisely what led to the latest NSO operation.