A spyware firm has been targeting WhatsApp users with malicious links in contravention of a US court order forbidding it from doing so, Meta has said.
In a post, Meta said WhatsApp had “caught and disrupted spear phishing attempts” by NSO Group, which a spokesperson said targeted a handful of users in Jordan and Lebanon. It had also caught the group creating “test accounts and groups” on WhatsApp.
NSO was founded in Israel but, since last year, is under US ownership. It built the Pegasus spyware, at the time one of the most powerful surveillance tools ever – which used a vulnerability in WhatsApp to infiltrate users’ phones and harvest all their data: messages, photos, calls and more.
Last year, it lost a court case against Meta for exploiting WhatsApp to target people; Meta was awarded $167m in damages. A later case reduced this to $4m but placed a permanent injunction against NSO barring it from targeting WhatsApp and its users.
Meta said the latest attacks showed NSO had violated this injunction and it asked the court to hold the company in contempt of the order.
“To me, it’s an astonishing signal of hubris that NSO would do this while permanently enjoined from not doing it,” said John Scott Railton, a senior researcher at the Citizen Lab, which investigates digital threats against civil society.
“It either speaks to the fact that they think they wouldn’t get caught, or to the fact that they believe, rightly or wrongly, they have a special way to not face the consequences of violating a US federal permanent court injunction.”
Since the start of the Trump administration, reporting has suggested that NSO is searching for a way into the US market – and to do so is trying to get off the US commerce department “blacklist”, which bars it from doing business with US companies without specific approval.
It was placed there after the Biden administration determined it had acted “contrary to the foreign policy and national security interests of the US” over the widespread abuse from Pegasus.
The group appointed David Friedman, the US ambassador to Israel from 2017 to 2021 during Donald Trump’s first term, as executive chair last autumn and has engaged a lobbying firm close to the US president.
“They are the poster child for the lawless mercenary spyware industry. If they had chosen to not do this, their big effort to rebrand as an ethical spyware company that wants to make big moves into the US market would be more credible,” said Railton.
Earlier this year, Meta suggested that NSO was linked to a lawsuit brought against the company which alleged Meta could read users’ encrypted WhatsApp messages. The law firm that brought that case was also, at the time, representing NSO.
There have been a handful of cases since that have made similar claims, including one in Israel and another filed by the Texas attorney general, Ken Paxton.
“WhatsApp cannot access people’s encrypted communications and any suggestion to the contrary is false,” a Meta spokesperson, Rachel Holland, wrote in a statement about that lawsuit.
NSO Group did not respond to a request for comment.
Facts Only
Meta has accused NSO Group of targeting WhatsApp users with malicious links.
The attacks involved spear phishing and the creation of test accounts and groups on WhatsApp.
The targeted users were located in Jordan and Lebanon.
NSO Group developed Pegasus, a spyware tool that previously exploited a WhatsApp vulnerability to harvest user data.
In 2022, Meta won a lawsuit against NSO Group, resulting in a permanent injunction barring NSO from targeting WhatsApp users.
The initial damages awarded to Meta were $167 million, later reduced to $4 million.
Meta alleges NSO Group has violated the court order and is seeking contempt of court proceedings.
NSO Group is now under US ownership and has been attempting to rebrand as an ethical spyware company.
The firm is lobbying to be removed from the US Commerce Department’s blacklist.
NSO Group has appointed former US Ambassador David Friedman as executive chair.
Meta has linked NSO Group to lawsuits alleging WhatsApp can read encrypted messages, which Meta denies.
NSO Group did not respond to a request for comment.
Executive Summary
Meta has accused NSO Group, an Israeli-founded spyware firm now under US ownership, of violating a US court order by targeting WhatsApp users with malicious links. The attacks, which involved spear phishing and the creation of test accounts, were detected in Jordan and Lebanon. NSO Group is known for developing Pegasus, a powerful surveillance tool that previously exploited a WhatsApp vulnerability to extract user data. In 2022, Meta won a lawsuit against NSO, securing a permanent injunction barring the firm from targeting WhatsApp users, though the damages were later reduced from $167 million to $4 million. Meta now alleges NSO has breached this injunction and is seeking contempt of court proceedings.
NSO Group has been attempting to rebrand itself as an ethical spyware company while lobbying to be removed from the US Commerce Department’s blacklist, which restricts its business with US firms. The company has hired former US Ambassador David Friedman as executive chair and engaged lobbying firms with ties to the US president. Critics, including researchers at Citizen Lab, argue that NSO’s actions undermine its claims of reform, particularly given its history of widespread abuse of Pegasus. Additionally, Meta has linked NSO to lawsuits alleging WhatsApp can read encrypted messages, claims Meta denies. NSO Group has not responded to requests for comment.
Full Take
The strongest version of this narrative is that NSO Group, despite legal restrictions and a rebranding effort, continues to engage in aggressive surveillance tactics, undermining its claims of ethical reform. Meta’s allegations, supported by technical evidence of spear phishing and test accounts, suggest a pattern of defiance against court orders. The involvement of high-profile figures like David Friedman and lobbying efforts to remove NSO from the US blacklist add weight to the argument that the company is prioritizing market access over compliance.
Patterns detected: ARC-0024 Ambiguity (NSO’s rebranding vs. continued actions), ARC-0043 Motte-and-Bailey (claiming ethical reform while allegedly violating injunctions).
The root cause appears to be the tension between surveillance capitalism and regulatory oversight. NSO’s actions reflect a broader industry trend where spyware firms operate in legal gray areas, exploiting loopholes and lobbying for legitimacy while facing accusations of abuse. The implications for human agency are significant: if powerful surveillance tools remain unchecked, individual privacy and democratic accountability erode. The second-order consequences include normalized corporate espionage, weakened trust in encrypted platforms, and potential geopolitical tensions over cyber-surveillance.
Bridge questions: What would it take for NSO Group to demonstrate genuine reform? How should courts enforce injunctions against firms with global operations? What safeguards could prevent spyware from being weaponized against civil society?
Counterstrike scan: If this were part of a coordinated campaign, the playbook might involve discrediting Meta’s claims while framing NSO as a victim of overreach. However, the content aligns more with investigative reporting than a structured influence operation, as it presents verifiable evidence and multiple perspectives without overt manipulation.
Sentinel — Human
The text exhibits strong signs of human journalistic authorship, characterized by specific attribution, analytical synthesis, and a clear, complex narrative structure.