WhatsApp blocks NSO phishing attempts, seeks contempt ruling over injunction

WhatsApp said it blocked new spear-phishing attempts linked to NSO Group and is now asking a federal court to hold the spyware maker in contempt for violating a permanent injunction. The fight goes well beyond a single app: Meta is casting the case as a test of whether court orders and sanctions can actually restrain commercial spyware operators that keep putting users, companies and governments at risk.

In a filing disclosed June 8, 2026, Meta said the latest campaign tried to trick people into clicking malicious links that redirected them to external websites outside WhatsApp. The company also said it caught NSO creating test accounts and groups on WhatsApp, then shut them down. Meta said the activity resembled earlier one-click phishing campaigns linked to NSO, and that it was sharing threat indicators so people could check for signs of targeting across text messages, email, WhatsApp and other channels.

The contempt request builds on a years-long legal battle that began after WhatsApp sued NSO in November 2019 over a mass-hacking campaign that targeted more than 1,400 users through a vulnerability in WhatsApp’s audio-calling system. Testimony in the case later showed that NSO kept targeting WhatsApp users even after the lawsuit was filed, and internal code names tied to the zero-click versions of the attack included Erised, Eden, Heaven and Hummingbird.

A jury in May 2025 ordered NSO to pay more than $167 million in damages, a ruling that underscored the financial and legal exposure facing spyware vendors. Reuters later reported that the punitive damages portion was reduced to $4 million from the original $167 million award, but the permanent injunction remained in place. Meta said the court was “unequivocal” that NSO violated federal and state anti-hacking laws.

Meta has argued that spyware is a national security threat and has pointed to NSO’s placement on the U.S. government’s Entity List as evidence that the company remains a danger to both users and American firms. The stakes are not limited to WhatsApp accounts: researchers have long documented Pegasus abuse against journalists, activists, government officials, military personnel and humanitarian organizations in countries including Jordan, Mexico, Saudi Arabia and Uzbekistan.

Meta said it was also backed last month by 12 civil rights organizations, security researchers, privacy advocates and digital rights experts who filed amicus briefs supporting the injunction as NSO appeals. Citizen Lab, which helped notify victims of the 2019 attack, has been central to documenting how the spyware ecosystem keeps spreading legal, diplomatic and personal-security risk long after the first compromise.