Meta says it caught and shut down fresh spear-phishing attempts linked to Israeli spyware maker NSO Group that tried to lure WhatsApp users into clicking malicious links leading to sites outside the app, mirroring the one-click attacks NSO has used to plant its Pegasus spyware. Meta also found and removed NSO-created test accounts and groups, and published the malicious domains involved. The company is now asking a US federal court to hold NSO in contempt for violating the permanent injunction issued last year barring it from targeting WhatsApp. High-risk users such as journalists, activists, and officials are the usual targets of this kind of mercenary spyware.
Security firm ESET has detailed a new Android spyware it calls Asin that targets Arabic-speaking users, likely journalists and open-source investigators. Victims are lured to convincing fake websites posing as a government news service, a secure PDF reader, and live war-map tools, some promoted through Facebook and Telegram pages. The sites offer apps such as GovLens, WarMap, and Syria Defense Map that work as advertised but hide spyware underneath. Because the apps come from outside official stores, victims must manually install them and grant permissions. ESET has not tied the campaign to a known group, and its exact goals remain unclear.