NSO Group tried to sneak Pegasus onto WhatsApp again, and got caught red-handed. WhatsApp announced Monday that it disrupted a new spear-phishing campaign tied to the spyware maker, filing a contempt-of-court motion because the attacks violate a permanent injunction barring NSO from targeting the messaging app or its users.
How WhatsApp Caught the Latest Pegasus Campaign
WhatsApp traced the attacks after users reported suspicious activity. The company says NSO operators attempted to trick people into clicking malicious links that would redirect them to external websites — the same infection vector used in a 2024 Pegasus campaign in Jordan. Beyond phishing, WhatsApp also spotted and took down test accounts and groups that the spyware maker created to stage the operation.
Each click on those links could have silently installed Pegasus, giving attackers complete access to the victim’s device: messages, calls, microphone, camera. NSO did not respond to TechCrunch’s request for comment.
Legal Consequences: Contempt and a Shrinking Judgment
This isn’t NSO’s first rodeo with WhatsApp’s lawyers. The permanent injunction stems from a 2019 mass-hacking campaign that targeted over 1,400 WhatsApp users. WhatsApp sued, and a jury ordered NSO to pay $167 million in damages — later reduced to just $4 million on appeal. Now WhatsApp wants the court to hold NSO in contempt for flouting that very order.
If the contempt motion succeeds, NSO could face additional fines or even stricter court supervision. The company’s legal troubles compound its commercial survival: NSO is still on the U.S. Commerce Department blocklist, a status that has crippled its ability to sell to American customers.
The Broader War on Commercial Spyware
Over the last decade, security researchers and journalists have documented NSO’s spyware infecting the phones of journalists, dissidents, human rights workers, and political opponents. Tech companies have responded by exposing campaigns, notifying victims, and suing spyware makers. The U.S. government has also imposed sanctions on NSO and other firms like Intellexa.
Last year a group of U.S. investors bought NSO, aiming to rehabilitate its reputation and lobby the government to lift the blocklist. That pitch looks much harder when the company can’t even obey a sitting court order. WhatsApp’s contempt filing ensures that NSO’s path back to the American market runs directly through a federal judge who already ruled against them once.
Source: WhatsApp says it caught new spyware attacks linked to NSO Group in violation of court order
Domain: techcrunch.com
Comments load interactively on the live page.