WhatsApp blocked a phishing campaign designed to deliver NSO Group's Pegasus spyware to its users, the company announced. The attack violates a court order against NSO dating back to 2021, when WhatsApp initially sued the Israeli surveillance firm over a zero-day exploit that infected roughly 1,400 users.
NSO Group, a privately held spyware vendor, has faced relentless legal and regulatory pressure for years. WhatsApp's latest disclosure shows the threat persists despite legal action. The phishing attempt used fake links to trick users into installing malicious software, a distribution method distinct from NSO's earlier zero-day tactics.
WhatsApp detected and disrupted the campaign before widespread infection. The company did not specify the number of targeted users or which countries faced exposure. NSO did not immediately respond for comment.
This incident underscores the cat-and-mouse dynamic between messaging platforms and surveillance firms. NSO's Pegasus software remains one of the world's most sophisticated mobile spyware tools, capable of extracting data from iOS and Android devices without user knowledge. The tool has been linked to surveillance of journalists, activists, and government officials globally.
The 2021 ruling against NSO required the company to cease selling exploits to WhatsApp. That order clearly has not stopped NSO's efforts to target WhatsApp users through alternative means. Courts and governments worldwide have begun restricting NSO's operations. The U.S. Commerce Department blacklisted the company in 2021, and multiple countries have launched investigations into its practices.
For WhatsApp parent company Meta, the phishing campaign represents another flashpoint in securing its 2 billion-plus users. The company has invested heavily in encryption and security features, but sophisticated threat actors continue to find new attack vectors.
NSO's business model depends on selling access to governments and intelligence