
WhatsApp has taken legal action against NSO Group after detecting renewed phishing attempts aimed at its users, according to its latest update. The messaging platform filed a motion in a US federal court accusing the spyware vendor of violating an existing injunction that bars it from targeting WhatsApp. This move follows a wave of user reports about suspicious links designed to harvest credentials and install surveillance tools.
The phishing campaign uses spear‑phishing tactics, with attackers sending messages that appear to come from trusted contacts or official services, as reported by security analysts. When a recipient clicks the supplied link, they are redirected to a malicious domain that harvests login details or delivers a payload capable of exfiltrating data from the device. WhatsApp’s security team identified three domains tied to the activity and has already blocked them at the network level.
Although no CVE identifiers have been associated with this wave, the attack mirrors earlier efforts where NSO exploited zero‑day vulnerabilities to install its Pegasus spyware, according to a recent advisory. The current approach relies on social engineering rather than a software flaw, aiming to trick users into divulging authentication codes or installing malicious profiles. Test accounts created by NSO were used to trial the lures before they were rolled out to real targets.
NSO Group remains subject to a US government blacklist and a December 2024 court order that required it to pay damages and cease all hacking attempts against WhatsApp, as noted in recent coverage. Despite those rulings, the firm has persisted in developing new lures, prompting WhatsApp to seek a contempt citation. Civil society organisations have filed amicus briefs supporting the platform’s stance, highlighting the risk to journalists, activists and dissidents who rely on the app for secure communication.
The legal battle underscores the broader challenge of regulating mercenary spyware that continues to evolve its tactics even when technical avenues are blocked, observers have warned. By turning to credential phishing, NSO attempts to bypass the protections afforded by end‑to‑end encryption and the app’s hardened codebase. Successful compromises could give attackers access to message histories, contact lists and location data, amplifying the potential harm beyond a single device.
Users should treat any unexpected message containing a link with skepticism, especially if it presses for urgent action or asks for verification codes. Enabling two‑factor authentication on linked email and cloud accounts adds a layer of defence even if a password is disclosed. Keeping the WhatsApp client updated ensures that the latest safety checks and domain blocks are active, and reporting suspicious chats through the in‑app reporting tool helps the security team track emerging threats. Staying vigilant remains the most effective defence against credential‑phishing attempts that seek to undermine private communications.