WhatsApp says spyware maker NSO Group is still targeting its users

Meta is once again asking a court to intervene in its long-running battle against spyware maker NSO Group. The company says it has disrupted a spear-phishing attempt that targeted WhatsApp users and is now asking a federal court to hold NSO in contempt.

This latest development highlights the ongoing cat-and-mouse game between tech companies and sophisticated surveillance firms, despite legal victories and court injunctions meant to protect users from invasive spyware attacks.

Meta’s battle with the company behind the infamous Pegasus spyware dates back to 2019, when it sued the “cyber intelligence” firm for targeting human rights activists, journalists, political dissidents and others. A jury last year awarded Meta $167 million in damages, which was later reduced by a judge to $4 million. That judgment also came with a permanent injunction that banned NSO from targeting WhatsApp and its users.

Less than a year later, Meta says it has caught NSO violating the terms of that order. According to the company, it discovered a cluster of NSO-linked accounts that were attempting to trick WhatsApp users into clicking on malicious links, in a manner similar to other phishing campaigns tied to the spyware maker.

According to a Meta spokesperson, the latest phishing campaign targeted fewer than 10 WhatsApp users who were “primarily” in Jordan and Lebanon. “We have not seen signs of compromise among identified targets,” the spokesperson said.

The incident underscores the persistent threat posed by commercial spyware companies, even when they face legal consequences. NSO Group’s Pegasus spyware has been used by governments worldwide to monitor activists, journalists, and political opponents, raising significant human rights concerns.

In its disclosure, Meta shared the domains it identified as associated with the phishing campaign so that others can check whether they have been targeted on WhatsApp or another platform. This kind of transparency has become standard practice for tech companies dealing with state-sponsored or commercial surveillance threats.

The timing of this alleged violation is particularly notable given the relatively recent court victory. It suggests that despite legal setbacks and financial penalties, NSO Group may be continuing operations that put user privacy and safety at risk. This case could set important precedents for how courts handle violations of injunctions in cybersecurity cases.