Details
- WhatsApp says it disrupted new spear-phishing attempts linked to NSO Group and is seeking a federal court contempt order, arguing NSO violated a permanent injunction barring it from targeting WhatsApp and its users.
- The dispute involves WhatsApp (owned by Meta), NSO Group, Citizen Lab, Apple, and a coalition of 12 civil rights and digital rights organizations backing the original injunction and opposing NSO’s appeal.
- Attackers allegedly used malicious links (including domains like hxxps://ikhwancast[.]com, hxxps://ghazacast[.]com, and hxxps://fr24cast[.]com) and test WhatsApp accounts and groups to lure victims to compromised sites outside the app, similar to prior NSO-linked one‑click phishing campaigns.
- The contempt motion builds on WhatsApp’s 2019 lawsuit and its later landmark verdict and permanent injunction against NSO, amid broader scrutiny of commercial spyware tools used against journalists, officials, military personnel, and NGOs.
- WhatsApp is sharing threat indicators for cross‑platform detection, funding the Spyware Accountability Initiative to support global forensic and advocacy work, and reiterating its reliance on default end‑to‑end encryption plus stricter account settings for high‑risk users.
Impact
This escalation hardens legal and political pressure on commercial spyware vendors and reinforces U.S. national‑security framing of surveillance‑for‑hire tools. Expanded funding and data sharing for civil society forensics will likely sharpen technical attribution and drive stricter regulation and export controls over the next 12–24 months, increasing compliance and security demands on telcos, app platforms, and spyware buyers alike.