
Meta’s New Fight With NSO Group Shows Spyware Threat Isn’t Going Away for WhatsApp Users
Meta says NSO Group tried again to target WhatsApp users with phishing links, despite a court order barring the Israeli spyware vendor from the platform. The clash shows how commercial hacking tools keep circling back to mainstream apps, leaving activists, officials, and ordinary users exposed long after the first scandal fades.
The world’s biggest messaging platform and one of its most notorious spyware vendors are colliding again — a sign that the battle over who controls smartphones is far from settled. Meta has accused Israel‑linked NSO Group of returning to target WhatsApp users with phishing links, despite a court order that was meant to keep the company away from the service.
Meta disclosed that it had identified and blocked new attempts it links to NSO Group to deploy surveillanceware via malicious links aimed at WhatsApp users. The tech giant says the activity violates a U.S. court order stemming from its earlier legal campaign against NSO over the use of Pegasus spyware against journalists, activists, diplomats, and officials. Meta is now asking the court to hold NSO in contempt, escalating a years‑long legal and technical standoff.
For at‑risk users — from human‑rights defenders and investigative reporters to government staff and business executives — the news is a reminder that a single tapped link can still compromise an entire digital life. Even as vendors market spyware as a tool against terrorism and organized crime, its history includes repeated deployments against civil society and political targets. Ordinary WhatsApp users may feel far removed from this cat‑and‑mouse game, but if attackers are willing to burn sophisticated infrastructure to reach specific phones, the collateral risk to everyone on the platform rises.
At a strategic level, the dispute sits at the intersection of cybersecurity, human rights, and state power. NSO Group positions itself as a supplier to governments, embedding its tools inside national security and law‑enforcement apparatuses. Meta, by contrast, is casting itself as a defender of user privacy and platform integrity, arguing that unchecked commercial spyware undermines trust in global communications infrastructure. The underlying reality is that governments on every continent now see access to encrypted chats and smartphones as a critical intelligence objective, and private vendors are eager to meet that demand.
Legally, the outcome of Meta’s push to have NSO held in contempt will shape how far platform owners can go in using civil courts to defend their ecosystems. A strong ruling in Meta’s favor could deter some vendors from targeting major apps, or at least drive their operations deeper underground. A weaker or ambiguous outcome might signal that even the largest tech platforms struggle to enforce boundaries once states decide they need a particular capability.
This renewed clash also lands against the backdrop of ongoing cyber campaigns linked to state conflicts, including fresh reporting that Russia‑aligned actors are still exploiting a patched WinRAR flaw (CVE‑2025‑8088) against Ukrainian organizations nearly a year after the fix was released. Together, the stories show how the offensive side of cyber operations — whether run in‑house by intelligence agencies or outsourced to private spyware firms — remains persistent, even when vulnerabilities and abuses are publicly exposed.
For policymakers, the pressure is building to move from naming and shaming toward regulation. Several democracies have begun restricting or banning the domestic use of certain commercial hacking tools, but global controls remain patchy. Without coordinated export rules and procurement standards, companies like NSO can pivot to more permissive markets, and targeted users in less protected countries will feel the impact first.
Key Takeaways
- Meta says it has blocked new phishing campaigns tied to NSO Group that attempted to target WhatsApp users, in violation of an existing court order.
- The company is asking a U.S. court to hold NSO in contempt, escalating a long‑running legal fight over commercial spyware.
- The allegations show that even high‑profile scrutiny has not ended efforts to compromise encrypted messaging platforms.
- At‑risk groups such as journalists, activists, and officials remain especially exposed to targeted spyware campaigns.
- The case feeds into wider debates over regulating commercial surveillance technology and limiting its abuse by state clients.
Outlook & Way Forward
If courts back Meta’s contempt motion, other large platforms may be emboldened to pursue similar actions against spyware vendors, coupling technical defenses with legal consequences. That could marginally raise the cost of doing business for such firms, though it is unlikely to eliminate demand from governments seeking deniable access to phones.
Absent stronger international rules on the sale and use of commercial spyware, the arms race between app providers and intrusion specialists will continue. For users, especially those in sensitive roles or conflict‑affected regions, operational security — from careful handling of links and attachments to the use of separate devices for high‑risk tasks — will remain as critical as any court ruling in keeping their communications out of hostile hands.