Meta has accused Israeli-founded spyware firm NSO Group of targeting WhatsApp users despite a US court order that permanently banned the company from attacking the messaging platform. The claim raises fresh concerns over the enforcement of legal restrictions on commercial spyware operations and the ongoing risks faced by encrypted messaging users worldwide.
In a statement, Meta said WhatsApp detected and disrupted spear phishing attempts linked to NSO Group. The attacks reportedly targeted a small number of users in Jordan and Lebanon. The company also said it identified NSO creating test accounts and groups on WhatsApp, which it believes were used to prepare for further intrusion attempts.
NSO Group, originally founded in Israel and now under US ownership, is best known for developing the Pegasus spyware system. Pegasus has previously been described as one of the most powerful surveillance tools ever created. It was capable of exploiting software vulnerabilities in messaging apps like WhatsApp to gain access to a victim’s phone and extract sensitive data, including messages, photos, call logs, and more.
The latest allegations come after a long legal battle between Meta and NSO Group. In the previous case, Meta was awarded $167 million in damages after a court found that NSO had abused WhatsApp vulnerabilities to target users. That amount was later reduced to $4 million, but the court imposed a permanent injunction preventing NSO from targeting WhatsApp or its users again.
Meta now says the new activity shows NSO has violated that injunction. The company has asked the court to hold NSO in contempt, arguing that the spyware firm has continued operations in direct defiance of the ruling.
Security experts say the allegations, if confirmed, would represent a serious breach of court authority. John Scott Railton, a senior researcher at Citizen Lab, said it was surprising that NSO would risk further legal consequences while under a permanent ban. He suggested the company may believe it can avoid detection or limit enforcement of the order.
The dispute highlights broader concerns about the commercial spyware industry. NSO Group has repeatedly faced criticism for its tools being used against journalists, activists, and political figures around the world. Pegasus spyware, in particular, has been linked to multiple global surveillance scandals.
NSO has also been under pressure from US regulators. It was placed on the US Commerce Department’s “entity list,” which restricts American companies from doing business with it. The US government took this step after determining that NSO’s activities were contrary to national security and foreign policy interests.
Despite these restrictions, the company has been seeking ways to re-enter the US market. Reports suggest it has engaged lobbying firms and appointed former US ambassador David Friedman as executive chair in an effort to improve its standing and possibly lift restrictions. The company is also working to remove itself from the blacklist that blocks access to US business partnerships.
Critics argue that NSO’s recent actions undermine its efforts to rebrand itself as a more responsible technology provider. Researchers at Citizen Lab say continued violations of legal orders would damage any claim that the company is attempting reform or ethical repositioning.
Meta has also reiterated that WhatsApp remains fully protected by end-to-end encryption. The company emphasized that it cannot access users’ private messages and rejected claims suggesting otherwise. It says the latest spyware attempts are focused on exploiting users directly rather than breaking encryption systems.
The case is now expected to return to court, where Meta will seek enforcement of the existing injunction. If the allegations are proven, NSO Group could face further legal penalties, adding to mounting pressure on the controversial spyware developer.
The dispute underscores the ongoing global struggle between encrypted communication platforms and surveillance technology firms, as governments, courts, and tech companies attempt to define the boundaries of digital privacy and security in an increasingly complex cyber landscape.
