WhatsApp is asking a federal court to hold NSO Group in contempt after catching the blacklisted spyware firm allegedly violating last year's permanent injunction. The Meta-owned messaging platform disrupted what it says were NSO-linked phishing campaigns and test account creation—direct defiance of a landmark 2025 court order that barred the Israeli company from ever targeting WhatsApp users again. The move escalates a legal battle that's become ground zero in the fight against commercial spyware.
WhatsApp just caught a blacklisted spyware maker red-handed. The company disrupted what it says were fresh attacks by NSO Group—the same Israeli firm a federal court permanently banned from targeting its platform just last year—and now it's asking judges to hold NSO in contempt. The alleged violations mark a brazen test of whether court orders can actually stop the multibillion-dollar commercial spyware industry.
The evidence WhatsApp uncovered is damning. After investigating user reports, the company's security team found NSO-linked social engineering attempts designed to trick people into clicking malicious links that would drive them to external websites beyond WhatsApp's encrypted environment. The tactics mirror previously reported 1-click phishing campaigns tied to NSO's Pegasus spyware. But that's not all—WhatsApp also caught NSO creating test accounts and groups on the platform, infrastructure likely meant to develop new attack vectors. The company shut them all down.
"The court was unequivocal: NSO violated the federal and state laws against hacking," Meta wrote in its announcement. "Today, we're asking the court to hold them in contempt of that order." It's a significant escalation in a case that made history in 2025 when WhatsApp secured a landmark verdict and permanent injunction against the firm blacklisted by the US Commerce Department for activities contrary to national security.
This isn't just about WhatsApp. NSO's CEO confirmed in court testimony that the company actively hunts for "vectors, or ways to access the phone" far beyond any single messaging app. They're targeting browsers, operating systems, and pretty much any application they can exploit. It's an admission that reveals the scope of the commercial spyware threat—no technology is safe, and the reported targets range from journalists and human rights defenders to government officials and military personnel.
WhatsApp is taking an unprecedented step by releasing threat indicators to the public. The company disclosed three malicious domains—ikhwancast[.]com, ghazacast[.]com, and fr24cast[.]com—so anyone can check whether they were targeted by NSO-linked campaigns, regardless of which platform the attack came through. Whether it arrived via text message, email, or any messaging service, users now have concrete indicators to search their records.
The contempt filing comes as NSO fights to overturn last year's injunction. Just last month, 12 prominent civil rights organizations—including Access Now and Knight First Amendment Institute at Columbia University—filed amicus briefs supporting WhatsApp's position. The coalition of security researchers, privacy advocates, and digital rights experts argued that weakening restrictions on NSO would undermine US national security and threaten billions who depend on secure communications.
Meta is putting money behind the fight too. The company announced it's making a significant contribution to the Spyware Accountability Initiative, which supports dozens of organizations worldwide doing forensic research, user support, and advocacy work. This civil society network has already delivered massive impact—a Citizen Lab zero-day discovery led Apple to push a critical security update to over a billion devices. Earlier this year, a Greek court issued the first-ever criminal conviction of spyware company executives, built on forensic evidence and investigative reporting by civil society organizations.
"This work is demanding, often dangerous, and consistently under-resourced compared to the spyware industry that continues to develop new exploits," Meta wrote. The company's contribution aims to level that playing field, funding the researchers and advocates who've become the front line against surveillance-for-hire firms.
For WhatsApp's 2 billion-plus users, the platform's default end-to-end encryption remains intact—personal messages and calls stay protected. But the company is urging users who believe they might be targeted by sophisticated attacks to enable strict account settings for additional hardening. The basic hygiene advice applies too: keep apps and devices updated, and report suspicious activity immediately.
The contempt motion sets up a critical test. NSO Group sits on the US Entity List, effectively blacklisted for threatening national security. If a company under those restrictions can violate a federal court injunction without serious consequences, the entire regulatory framework around commercial spyware enforcement comes into question. WhatsApp's case has already rewritten the playbook for how tech companies can fight back against spyware makers through litigation—now we'll see if courts can actually enforce those victories.
What happens next could reshape the entire commercial spyware industry. If courts hold NSO in contempt for violating the injunction, it sends a clear signal that legal victories against spyware makers have real teeth. If NSO skates, it suggests that even blacklisted firms under permanent court orders can continue operating with impunity. WhatsApp has built a coalition—civil rights organizations, security researchers, and now significant funding for on-the-ground defenders—that extends far beyond a single company's legal department. The threat indicators released today mean anyone can now check if they were in NSO's crosshairs, turning detection into a collective defense. With NSO's appeal still pending and this new contempt motion in play, the legal battle that started with a 2019 attack on 1,400 WhatsApp users has become the defining test case for whether courts and regulations can actually constrain the surveillance-for-hire industry.
