WhatsApp has accused the Israeli spyware vendor NSO Group of continuing to target users of its messaging service despite a court order explicitly barring such activity. The development, reported by SecurityWeek, highlights ongoing tensions between the Meta-owned platform and the controversial firm known for its Pegasus spyware.
The allegations surfaced in a filing submitted to a federal court in California, where WhatsApp first sued NSO Group back in 2019. In that original lawsuit, WhatsApp claimed that NSO had exploited a vulnerability in its video calling feature to deliver spyware to roughly 1,400 mobile phones. The targets reportedly included journalists, human rights activists, government officials, and diplomats across multiple countries. Rather than focusing on traditional cybercriminals, the operation appeared aimed at high-profile individuals whose communications could hold strategic or political value.
NSO Group has long maintained that it sells its technology exclusively to government agencies for legitimate law enforcement and counterterrorism purposes. The company insists it does not operate the spyware itself and has no visibility into specific targets once a license is sold. However, repeated investigations by organizations such as Amnesty International and Citizen Lab have linked Pegasus infections to cases involving political opponents, exiled dissidents, and independent media outlets. These findings have cast doubt on NSO’s narrative of strict ethical controls.
In 2021, a U.S. federal judge issued a preliminary injunction against NSO Group, prohibiting the firm from accessing WhatsApp’s systems or attempting to interfere with the service in any way. The order came after the court found sufficient evidence that NSO had used WhatsApp’s infrastructure to identify and infect user devices. The injunction was intended to halt further exploitation while the broader lawsuit proceeded. Yet according to WhatsApp’s latest court documents, NSO has continued its efforts to circumvent protections and maintain access to the platform’s network.
WhatsApp’s legal team presented technical evidence suggesting that NSO attempted to identify phone numbers associated with the service even after the injunction took effect. The company described a pattern of activity that appeared designed to map user accounts and test new infection vectors. These actions, WhatsApp argued, directly violated the court’s clear instructions and demonstrated a deliberate disregard for legal boundaries. The filing seeks additional sanctions against NSO and potentially stronger enforcement measures to prevent future breaches.
The case touches on broader questions about the private spyware industry and its relationship with democratic oversight. Pegasus has gained notoriety for its ability to infect devices without requiring any action from the target. Early versions relied on so-called zero-click exploits that could compromise a phone simply by receiving a specially crafted message or call. Later iterations reportedly shifted toward other delivery methods after security researchers began publishing detailed analyses of the malware’s behavior.
Security researchers have documented instances where Pegasus operators used fake news alerts, corrupted image files, and even iMessage vulnerabilities to gain initial access. Once installed, the spyware can record calls, capture keystrokes, access encrypted messages, track location data, and activate device cameras and microphones. The sophistication of these capabilities has made Pegasus a preferred tool for certain intelligence agencies seeking to monitor individuals outside traditional surveillance frameworks.
NSO Group entered the U.S. blacklist in 2021 when the Biden administration added the company to the Entity List, citing risks to national security and foreign policy interests. That designation effectively prevents American companies from doing business with NSO without special licenses, a restriction that has complicated the firm’s operations. Several European governments have also distanced themselves from NSO following public revelations about its clients’ targeting practices.
Despite these setbacks, reports suggest NSO has continued developing new versions of its surveillance tools. Some analysts believe the company has pivoted toward clients in regions with fewer regulatory constraints or less public scrutiny. Others point to the emergence of rival firms offering similar capabilities, creating a competitive market that may encourage innovation in stealth and persistence techniques.
WhatsApp has invested heavily in strengthening its security posture since the initial revelations. The company introduced end-to-end encryption by default for all messages, calls, and group chats more than a decade ago. It has also deployed advanced threat detection systems that scan for anomalous behavior indicative of spyware campaigns. These defenses include monitoring for unusual server connections, irregular traffic patterns, and attempts to probe user account information.
In addition to technical measures, WhatsApp has pursued legal avenues to protect its users. The 2019 lawsuit represented one of the first times a major technology company directly sued a spyware vendor rather than simply patching vulnerabilities and moving on. By taking the fight to court, WhatsApp aimed to establish legal precedents that could deter similar actors and force greater accountability from the surveillance industry.
The current filings emphasize that NSO’s alleged continued activity undermines the authority of the judicial system. If a company can simply ignore court orders without facing meaningful consequences, WhatsApp argues, then the rule of law loses its power to regulate harmful conduct. The company has asked the judge to hold NSO in contempt and impose financial penalties calibrated to the scale of the violations.
NSO Group has not yet issued a detailed public response to the latest accusations. In previous statements, the company has rejected claims of wrongdoing and pointed to internal compliance mechanisms intended to prevent misuse. NSO has also highlighted its cooperation with certain governments on lawful interception requests, framing its technology as an essential instrument in the fight against serious crime and terrorism.
The dispute occurs against a backdrop of growing international concern about the proliferation of commercial spyware. The Pegasus Project, a collaborative investigation involving more than 80 journalists from 17 media organizations, revealed that at least ten governments had used the tool to target political figures, activists, and journalists. In some cases, infections were discovered on devices belonging to close associates of sitting presidents and prime ministers, raising fears that leaders themselves could be vulnerable.
These revelations prompted calls for stricter export controls on surveillance technology. Several countries have begun reviewing their relationships with spyware vendors and considering new regulations that would require greater transparency about sales and end-use monitoring. The European Parliament has discussed proposals for binding rules that would limit the transfer of such tools to authoritarian regimes.
For ordinary users, the implications are significant. Even though most people are unlikely to be targeted by nation-state spyware, the existence of these tools influences the broader threat environment. Techniques developed for Pegasus often trickle down to less sophisticated actors over time. Criminal groups have already begun experimenting with similar infection methods, albeit with varying degrees of success.
WhatsApp’s decision to publicize its findings serves multiple purposes. It alerts users to potential risks, applies pressure on NSO through negative publicity, and demonstrates to regulators that the company takes its security responsibilities seriously. The move also reinforces the message that technology platforms will not remain passive when their infrastructure is abused to compromise user privacy.
The ongoing legal battle is likely to stretch on for months or even years. NSO has previously attempted to have the case dismissed on grounds of sovereign immunity, arguing that its activities are conducted on behalf of foreign governments. American courts have so far rejected those arguments, allowing the litigation to proceed. A final resolution could set important precedents for how similar disputes are handled in the future.
Beyond the courtroom, the technical arms race between spyware developers and platform defenders continues unabated. Each time researchers uncover a new infection vector, vendors like NSO adapt by finding alternative pathways. Security teams at companies like Meta must constantly update their detection capabilities to stay ahead of these evolving tactics.
Experts recommend that individuals concerned about targeted surveillance adopt additional protective habits. These include keeping software updated, avoiding suspicious links, using strong authentication methods, and considering the use of secondary devices for sensitive communications. While no single measure can guarantee complete safety against sophisticated adversaries, layered defenses make successful compromise more difficult.
The conflict between WhatsApp and NSO Group encapsulates larger struggles over privacy, security, and accountability in the digital age. As surveillance tools grow more powerful and accessible, the need for effective oversight becomes increasingly apparent. Whether through legislation, technical innovation, or legal action, multiple approaches will likely be required to address the challenges posed by the commercial spyware market.
WhatsApp’s latest court filing adds another chapter to this complex story. By presenting fresh evidence of alleged violations, the company seeks not only to protect its users but also to reinforce the principle that no entity stands above the law. The outcome of these proceedings could influence how other technology firms approach similar threats and how governments choose to regulate the shadowy industry that supplies advanced spying capabilities to state actors around the world. The case serves as a reminder that the battle for digital security is fought on multiple fronts, from code repositories and server logs to federal courtrooms and international policy discussions.
WebProNews is an iEntry Publication