← All articles

Meta disrupts new NSO spyware phishing aimed at WhatsApp users

Meta says it caught and shut down fresh spear-phishing attempts linked to Israeli spyware maker NSO Group that tried to lure WhatsApp users into clicking malicious links leading to sites outside the app, mirroring the one-click attacks NSO has used to plant its Pegasus spyware. Meta also found and removed NSO-created test accounts and groups, and published the malicious domains involved. The company is now asking a US federal court to hold NSO in contempt for violating the permanent injunction issued last year barring it from targeting WhatsApp. High-risk users such as journalists, activists, and officials are the usual targets of this kind of mercenary spyware.

Check
Block the NSO-linked phishing domains Meta published at your web and DNS gateways, and review whether high-risk staff received WhatsApp messages pushing links to external sites.
Affected
WhatsApp users targeted by one-click social-engineering links, especially high-risk individuals like journalists, activists, and government officials who are typical mercenary-spyware targets.
Fix
Avoid clicking links in unsolicited WhatsApp messages, enable Lockdown Mode on iOS and Android for high-risk users, keep devices fully updated, and block the published malicious domains.