WhatsApp says it has disrupted new social engineering campaigns linked to Israeli spyware maker NSO Group and is now asking a US federal court to hold the company in contempt for violating a permanent injunction that barred it from targeting its users.
The company also published indicators of compromise associated with the activity, renewing calls for stronger action against the commercial spyware industry.
In October 2025, a federal judge permanently barred the surveillance vendor from accessing or targeting WhatsApp's platform after concluding that the company had violated US and California anti-hacking laws by deploying Pegasus spyware.
According to WhatsApp, the latest activity was uncovered after the company investigated reports from users who had encountered suspicious messages. The firm says the operation involved spear-phishing tactics designed to lure targets into clicking malicious links that redirected them to websites outside of WhatsApp.
WhatsApp also claims it identified NSO-linked actors creating test accounts and groups on the messaging platform, which were subsequently removed.
WhatsApp is one of the world's largest encrypted messaging services, serving more than two billion users globally. Its widespread adoption by journalists, activists, diplomats, business leaders, and government officials has made it a recurring target for surveillance vendors seeking ways to compromise mobile devices and intercept communications.
The company has published three domains allegedly used in the operation and is encouraging security researchers and potential targets to review them for signs of exposure:
- ikhwancast[.]com
- ghazacast[.]com
- fr24cast[.]com
These indicators can help organizations and individuals determine whether they may have encountered NSO-linked phishing attempts through email, text messages, messaging applications, or other communication channels.
The allegations come less than a year after US District Judge Phyllis Hamilton issued a permanent injunction against NSO Group. That ruling stemmed from Meta's lawsuit over a 2019 Pegasus campaign that targeted approximately 1,400 WhatsApp users, including journalists, diplomats, human rights defenders, and other high-risk individuals.
In that case, Meta successfully argued that NSO abused WhatsApp infrastructure to deploy Pegasus spyware, a highly sophisticated surveillance platform capable of extracting messages, collecting files, tracking location data, and activating a device's microphone and camera.
WhatsApp argues that the latest findings demonstrate that NSO continues to pursue methods for compromising devices despite the court order. The company pointed to testimony from NSO's chief executive during the trial, in which he acknowledged that the firm searches for alternative “vectors” to gain access to phones, including vulnerabilities in browsers, operating systems, and other applications beyond WhatsApp itself.
The messaging platform noted that NSO remains on the US Commerce Department's Entity List and warned against relaxing restrictions on surveillance vendors that continue developing offensive cyber capabilities.
Leave a Reply