WhatsApp Disrupts NSO Spyware Campaign, Accuses Israeli Firm of Violating Court Ruling

Summary

WhatsApp has announced it successfully detected and disrupted a social engineering campaign linked to NSO Group, the infamous Israeli spyware vendor. The campaign involved attempts to trick users into clicking malicious links that would direct them to external websites, along with the creation of test accounts and groups on the platform—tactics similar to NSO's previously reported one-click phishing attacks. NSO Group specializes in selling state-backed spyware like Pegasus, which relies on zero-day exploits and is typically sold to governments for use against journalists, human rights defenders, and political opponents.

The attack marks a flagrant violation of a landmark 2021 court ruling that barred NSO from ever using WhatsApp against its users again. WhatsApp has filed for legal action to hold NSO accountable. This is not the first time WhatsApp has faced NSO threats—the company previously prevented an attack from the group in 2019 and has been a vocal critic of the spyware vendor's practices. The incident underscores the ongoing security arms race between technology platforms and state-backed malicious actors, with WhatsApp, Apple, and Signal all implementing defensive measures including memory-safe libraries, sandboxing, and lockdown mode features.

Experts note that while these defensive measures are critical steps forward, the only way to truly protect users against sophisticated state-backed spyware is for the industry to accelerate adoption of memory-safe programming languages and advanced sandboxing techniques. The cat-and-mouse game between software vendors and NSO Group highlights the security vulnerabilities that persist even in modern operating systems like iOS and Android.

• Tech companies are implementing defensive measures (memory-safe libraries, Lockdown Mode, strict account settings), but industry-wide adoption of memory-safe languages is critical for long-term protection