Meta Thwarts NSO Group’s Latest WhatsApp Phishing Scheme and Pursues Legal Action
Meta has recently identified and intercepted a series of spear-phishing attacks orchestrated by the Israeli spyware firm NSO Group. These attacks aimed to deceive WhatsApp users into clicking malicious links that redirected them to external websites, reminiscent of previous one-click phishing campaigns associated with NSO. In response, Meta is filing a federal court contempt order against NSO Group for breaching a permanent injunction that prohibits the company from targeting WhatsApp and its users.
The social media giant also discovered that NSO Group had created test accounts and groups within WhatsApp, which have since been removed. The malicious domains linked to these activities include:
– fr24cast[.]com
– ghazacast[.]com
– ikhwancast[.]com
This development follows a series of legal challenges faced by NSO Group. In May 2025, a U.S. federal jury ordered the company to pay approximately $168 million in damages after it was found to have violated U.S. laws by exploiting WhatsApp servers to deploy Pegasus spyware, targeting over 1,400 individuals worldwide. Additionally, in 2021, NSO Group was added to the U.S. Commerce Department’s blocklist for activities deemed contrary to national security and foreign policy interests.
Meta reassures users that personal messages and calls on WhatsApp remain protected with default end-to-end encryption. The company encourages users to keep their apps and devices updated and to report any suspicious activity promptly.
For individuals at heightened risk of sophisticated cyber attacks, Meta recommends enabling strict account settings to enhance security. These settings include:
– Activating two-step verification.
– Disabling link previews.
– Restricting visibility of last seen status, profile photo, and about details to contacts only or a predefined list.
– Limiting group additions to known contacts or a predefined list.
Meta emphasizes that these strict account settings serve as an advanced security feature, reducing vulnerability to cyber attacks by limiting certain functionalities.
