Meta says WhatsApp caught a fresh NSO-linked phishing campaign despite a court order banning it.
The company has asked a US federal court to hold NSO in contempt for breaking the injunction.
The campaign was small, fewer than 10 users, mostly in Jordan and Lebanon, with no confirmed compromise.

Meta is back in court against the maker of Pegasus spyware, and this time it says NSO Group broke a direct order to stay away. On June 8, 2026, Meta announced that WhatsApp detected and disrupted new spear-phishing attempts linked to NSO and filed a federal contempt motion asking the court to enforce the ban it already won.
What WhatsApp found
According to Meta, the attackers tried to trick users into clicking malicious links that led to external websites, a pattern that mirrors the 1-click phishing campaigns previously tied to NSO.
WhatsApp also caught NSO creating test accounts and groups on the platform and removed them. Meta published the malicious domains linked to the activity, including fr24cast, ghazacast, and ikhwancast, so security teams and users can check whether they were targeted.
Why this is a contempt motion, not a new lawsuit
This is an escalation. In October 2025, Judge Phyllis Hamilton issued a permanent injunction barring NSO from ever targeting WhatsApp or its users, after a 2025 jury found NSO liable. Rather than start a fresh case, Meta is asking the same court to enforce that order with sanctions, which can mean fines or other penalties.
NSO is appealing the verdict, but the appeal does not pause the injunction, so NSO is required to comply now. In May 2026, 12 civil rights groups filed amicus briefs backing the injunction.
Keeping it in proportion
A few honest caveats. The new campaign was narrow. A Meta spokesperson said it targeted fewer than 10 WhatsApp users, mainly in Jordan and Lebanon, and Meta has not found evidence that any were successfully compromised. It is also an accusation at this stage. NSO has not been found in contempt yet and did not respond to a Reuters request for comment. NSO has long argued it sells Pegasus only to vetted government agencies for fighting crime and terrorism.
Why it matters
The bigger question is whether a court order can actually stop a spyware firm. NSO is already US-blacklisted, lost the case, and is under a permanent injunction, yet Meta says the activity continued.
If the contempt motion succeeds, it would be one of the first real tests of whether these injunctions have teeth. For everyone else, the takeaway is practical: keep apps updated, turn on two-step verification, and treat unexpected links with suspicion, because encryption protects messages in transit but not a device that spyware has already reached.