Meta Blocks NSO Group New WhatsApp Phishing Attack And Files Contempt Order

Meta has reported that it successfully detected and blocked phishing attempts connected to Israeli spyware company NSO Group that were aimed at users of WhatsApp. Alongside the disruption of the activity, Meta has also confirmed that it is filing a federal court contempt order against NSO Group for allegedly violating a permanent injunction that previously barred the company from targeting WhatsApp users or exploiting the platform. According to Meta, the attackers attempted to trick individuals into clicking malicious links that redirected them to external websites outside WhatsApp, a method consistent with earlier reported one-click phishing campaigns associated with NSO Group operations.

Meta stated that its security systems identified suspicious infrastructure and account behavior tied to the campaign, including the creation of test accounts and groups within WhatsApp that were subsequently removed. While the company confirmed the mitigation of the activity, it did not provide detailed technical indicators such as the exact timeline of the incident, the total number of targeted users, or whether any successful compromises occurred. It also did not clarify the full attribution process used to link the activity to NSO Group. However, Meta shared a list of domains associated with the operation, including fr24cast[.]com, ghazacast[.]com, and ikhwancast[.]com, which were part of the malicious infrastructure reportedly used in the campaign.

The development adds to the ongoing legal and security disputes surrounding NSO Group, which has faced multiple allegations related to spyware deployment and surveillance tools used against individuals worldwide. In a previous U.S. court ruling, the company was ordered to pay approximately 168 million dollars in damages after being found to have violated laws through its use of WhatsApp infrastructure to deploy its Pegasus spyware, which reportedly targeted more than 1400 individuals globally. NSO Group was also added to a U.S. Commerce Department restricted list in 2021 due to activities considered contrary to national security and foreign policy interests of the United States. These actions form part of a broader regulatory and legal environment that continues to challenge commercial spyware operations.

Meta reiterated that user communications on WhatsApp remain protected through default end-to-end encryption, which ensures that only the sender and recipient can access message content. The company also encouraged users to maintain up-to-date applications and operating systems to reduce exposure to known vulnerabilities and evolving attack methods. In addition, Meta urged users to report suspicious messages or activity so that its security teams can investigate and respond quickly. The company emphasized that while encrypted messaging protects content, attackers often rely on social engineering techniques such as deceptive links and impersonation tactics to bypass technical safeguards and trick users into interacting with external malicious sites.

For individuals at higher risk of targeted cyber attacks, Meta highlighted the importance of enabling stricter account protections within WhatsApp. These optional security configurations are designed to reduce the attack surface by limiting certain account functions and tightening privacy controls. Measures include activating two-step verification, disabling link previews, restricting visibility of profile details such as last seen status, profile photo, and about section to contacts only, and limiting group additions to known contacts or pre-approved lists. These settings are intended to provide a more controlled communication environment for users who may be specifically targeted due to their profession, public role, or other exposure. Meta describes these strict account settings as a lockdown-style feature that enhances account resilience by reducing pathways commonly exploited in advanced cyber attacks.
