WhatsApp says NSO targeted users with spearfishing attacks in violation of court order

WhatsApp on Monday accused the spyware manufacturer NSO Group of deploying spearfishing attacks against its users in violation of an October court order barring the firm from using the messaging app as an attack vector.

The Meta-owned messaging app detected the attacks after users reported suspicious activity, according to a Meta blog post. 

WhatsApp is filing a federal court contempt order against NSO for violating the permanent injunction that bars it from mounting such attacks, the blog post said. NSO has been implicated in spyware abuses worldwide that have snooped on human rights activists, journalists and others.

The alleged violations come after WhatsApp prevailed in a lawsuit against NSO stemming from its targeting of about 1,400 of the messaging app’s users with zero-click attacks in 2019.

In May, a jury awarded WhatsApp $167 million, but that amount was later reduced to $4.4 million by the federal judge presiding over the case.

The permanent injunction the judge issued in October spurred NSO to tell the judge it could “put NSO’s entire enterprise at risk” and “force NSO out of business.”

NSO’s motion to stay the order — denied by the judge — also argued that it would “suffer irreparable, potentially existential injuries” if it can’t mount attacks through WhatsApp. 

The permanent injunction hurts the public because it undermines law enforcement, intelligence and counterterrorism operations, NSO has said.

In November, NSO filed an appeal seeking to reverse the permanent injunction, a process that is ongoing. 

WhatsApp said the latest attacks used social engineering techniques to try to “trick people into clicking on malicious links to drive them to external websites outside of WhatsApp, similar to previously reported 1-click phishing campaigns linked to NSO.”

NSO also created test accounts and groups that WhatsApp has removed, the blog post said.

A spokesperson for NSO did not immediately respond to a request for comment.

“Last year, WhatsApp made history by securing a landmark verdict and permanent injunction barring NSO Group — a spyware firm blacklisted for actions contrary to US national security — from targeting WhatsApp and its users ever again,” the blog post said. “The court was unequivocal: NSO violated the federal and state laws against hacking.”

“Today, we’re asking the court to hold them in contempt of that order.”

WhatsApp shared the threat indicators it says the spyware firm used to mount the attacks and is encouraging the public to check if they have been targeted by NSO-linked social engineering methods across platforms, including text messages and emails.

A group of American investors bought NSO last year and have said they are seeking to enter the U.S. market.