New WhatsApp Phishing Attempts Rekindle High-Profile Spyware Fight

This post is also available in:

Spyware attacks against messaging platforms remain one of the most serious challenges in digital security. While encrypted apps are designed to protect private conversations, attackers often try to compromise the device itself or lure users into clicking malicious links before encryption can help. That makes platforms such as WhatsApp attractive targets for companies and groups that develop offensive cyber tools.

Meta is now escalating its legal battle against Israeli spyware firm NSO Group, saying the company violated a permanent court injunction that barred it from ever targeting WhatsApp or its users. According to Meta, WhatsApp recently disrupted new spear-phishing attempts linked to NSO, despite the existing legal order.

The latest activity reportedly resembled earlier “one-click” phishing campaigns. In this type of attack, users are tricked into clicking a malicious link that redirects them to an external website. From there, attackers may attempt to install spyware, harvest credentials, or exploit vulnerabilities on the victim’s device. Unlike zero-click attacks, which require no user interaction, one-click campaigns rely on social engineering to convince the target to open the link.

According to Cyber News, Meta said WhatsApp removed test accounts and groups allegedly created by NSO on the platform. The company is now seeking a federal court contempt order, arguing that the spyware firm continued activity that the court had already prohibited.

The dispute follows years of litigation over alleged spyware operations targeting WhatsApp users. Last year, a U.S. court ordered NSO to stop targeting WhatsApp, a ruling the company warned could threaten its business. The court also decreased a damages award from approximately $168 million to $4 million, citing insufficient evidence to support the larger punitive amount.

From a defense and national security perspective, commercial spyware remains a major concern because it can be used to target journalists, officials, activists, diplomats, military personnel, and other sensitive users. Even when sold under claims of lawful government use, spyware tools can create serious risks if abused or deployed outside legal boundaries.

NSO has previously argued that its Pegasus spyware is sold only to government clients for lawful purposes. Meta, however, says the latest activity reinforces the need to hold spyware vendors accountable when their tools or operations target consumer platforms and users.