GoKawiilWhatsApp has detected and stopped spear-phishing campaigns allegedly conducted by the NSO Group after investigating user reports of social engineering attacks.
The NSO Group is an Israeli commercial spyware vendor known for its advanced “Pegasus” tool that has been deployed against politicians, activists, journalists, academics, and other “high-interest” individuals.
The firm has been on the U.S. sanctioned entities list since November 2021, due to supplying to foreign governments software products that were used against people and organizations in the U.S. Tools from NSO were also used by regimes considered repressive that targeted dissidents outside their borders.
Despite that, NSO continued to target WhatsApp users, on multiple occasions using zero-day vulnerabilities.
WhatsApp's parent company, Meta, has fought NSO Group in U.S. courts, securing a permanent injunction against it in 2025, a declaration of liability for 1,400 infections, and an associated $167,000,000 fine.
According to Meta’s latest announcement, these prior rulings have not deterred NSO Group's activities targeting certain WhatsApp users.
It is alleged that the attacker attempted to lure targets into clicking on malicious links that redirected to external websites, resembling previously documented one-click phishing campaigns associated with NSO.
“We successfully disrupted NSO-linked social engineering attempts, after investigating user reports,” Meta says.
“They tried to trick people into clicking on malicious links to drive them to external websites outside of WhatsApp, similar to previously reported 1-click phishing campaigns linked to NSO.”
“We also caught them creating test accounts and groups on WhatsApp, which we took down.”
... continue reading