Meta today accused spyware maker NSO Group of violating a court order that barred it from targeting users of WhatsApp.
“WhatsApp caught and disrupted spear phishing attempts linked to NSO, a spyware firm blacklisted by the US government,” WhatsApp owner Meta said in an announcement. Meta said it is asking a court “to hold NSO in contempt for violating a permanent injunction that barred them from ever targeting WhatsApp and its users.”
NSO is an Israeli company that developed the Pegasus spyware. The US government added NSO to the Entity List in 2021, saying it “developed and supplied spyware to foreign governments that used this tool to maliciously target government officials, journalists, businesspeople, activists, academics, and embassy workers.”
WhatsApp won a permanent injunction against NSO last year in US District Court for the Northern District of California, and a jury awarded WhatsApp over $167 million in damages. A federal judge reduced the award to $4 million but granted the injunction, which NSO has since been trying to overturn. NSO complained in a court filing that “the injunction jeopardizes NSO’s principal product, Pegasus, which represented 100 percent of NSO’s sales in 2025.”
The district court denied NSO’s motion to stay the injunction, and NSO has appealed to the US Court of Appeals for the 9th Circuit. Today, Meta said it caught NSO violating the court order.
“We successfully disrupted NSO-linked social engineering attempts, after investigating user reports,” Meta said today. “They tried to trick people into clicking on malicious links to drive them to external websites outside of WhatsApp, similar to previously reported 1-click phishing campaigns linked to NSO. We also caught them creating test accounts and groups on WhatsApp, which we took down.”
Meta’s contempt-of-court filing was not yet available today. We contacted NSO Group and will update this article if it provides a comment.
Meta: NSO is malicious, “continues to defy US courts”
WhatsApp filed its case against NSO in 2019, alleging that NSO used WhatsApp to send malware to about 1,400 mobile phones and devices for the purpose of surveilling the devices’ users.
“The evidence showed that defendants reverse-engineered WhatsApp’s code to create a modified version of the WhatsApp client application, which they then used to install their software on target users’ devices via WhatsApp’s servers,” US District Judge Phyllis Hamilton wrote in the permanent injunction order. “The evidence further showed that defendants repeatedly re-designed their software to avoid detection and circumvent plaintiffs’ security fixes.”
Meta said today that its “case has shown that NSO continues to build spyware tools to target people’s devices… When a malicious company on the US government’s Entity List continues to defy US courts, existing restrictions must remain firmly in place.”
NSO’s appeal to the 9th Circuit was opposed in an amicus brief filed last month by the Knight First Amendment Institute at Columbia University.
“The proliferation of commercial spyware across the globe is a profound threat to free expression and freedom of the press, with serious implications for the United States,” the Knight Institute said. “The technology at issue in this case, NSO Group’s Pegasus, allows for near-perfect surveillance of the victims targeted by NSO Group’s customers. Pegasus enables operators to take full control of a target’s smartphone, providing access to GPS locations, contact details, text messages, phone calls, notes, web-browsing history, messaging-application activity, files, and passwords—even if the target used security measures like encryption to protect their data.”
