WhatsApp, a messaging platform owned by Meta, has recently uncovered a spear-phishing attempt allegedly orchestrated by the NSO Group, a company known for its spyware. This development appears to contravene a court injunction that prohibits NSO from infiltrating WhatsApp systems.
Legal History and Court Injunction
The legal skirmish between WhatsApp and NSO dates back to 2019 when WhatsApp sued NSO following revelations of a zero-day vulnerability exploitation used to deliver spyware to its users. In December 2024, the courts held NSO accountable, and by May 2025, a jury awarded WhatsApp $444,000 in compensatory damages and $167 million in punitive damages, which NSO subsequently contested.
In a turn of events in October 2025, the punitive damages were slashed to $4 million; however, WhatsApp secured a permanent injunction preventing NSO from targeting its users. Despite these legal barriers, NSO has been actively seeking to overturn the restriction, claiming that their operations face irreparable damage.
Recent Allegations Against NSO
WhatsApp has accused NSO of breaching the permanent injunction. On Monday, the messaging giant revealed its discovery of a social engineering attack aimed at deceiving users into accessing harmful links. Although WhatsApp has only disclosed a limited number of compromised domains, it claims to have traced the attack back to NSO, citing similarities with documented phishing campaigns linked to the spyware firm.
Further investigations by WhatsApp uncovered that attackers were establishing test accounts and groups, which have since been deactivated. WhatsApp is reportedly taking additional measures to address the situation.
Legal and Social Implications
In response to the alleged violation, WhatsApp announced its intention to file a federal court contempt order against NSO for infringing upon the established injunction. This move is supported by nearly a dozen civil society organizations that have submitted an amicus brief to the Ninth Circuit Court of Appeals, urging the court to uphold the lower court’s ruling against NSO.
Additionally, WhatsApp is contributing significantly to the Spyware Accountability Initiative, a fund dedicated to combating the misuse of spyware technologies. This initiative underscores the broader implications and ongoing efforts to tackle surveillance abuses globally.
As the legal battle continues, the outcome could set a precedent for future cases involving cybersecurity and privacy rights.
