Meta said on Monday it detected and blocked spear-phishing attempts tied to Israeli spyware vendor a company disclosure. The company said it is also seeking a federal court contempt order against NSO Group after alleging violations of a permanent injunction over WhatsApp and its users.
KEY FACTS
- Blocked activity Meta said it stopped attempts to lure people to malicious sites outside WhatsApp.
- Account creation The company said it found test accounts and groups created on WhatsApp and removed them.
- Linked domains The activity was tied to fr24cast[.]com, ghazacast[.]com and ikhwancast[.]com.
- Legal history NSO Group was fined about $168 million last year over Pegasus-related WhatsApp abuse.
The disclosure said the messages were designed to push victims toward external websites, in a pattern similar to earlier one-click phishing campaigns linked to the company. Meta said the activity involved test accounts and groups on WhatsApp that were later taken down.
NSO Group was added to a U.S. Commerce Department blocklist in 2021, and a U.S. court later found it had used WhatsApp servers to deploy Pegasus spyware against more than 1,400 people worldwide. Meta said WhatsApp users’ personal messages and calls remain protected with default end-to-end encryption.
Meta also advised users to keep apps and devices updated and report suspicious activity. The company said people at higher risk of targeted attacks can enable strict account settings, which lock several privacy controls to more limited settings.
WHY IT MATTERS
The case shows that even after earlier legal penalties and restrictions, spyware-linked operators can still try to target messaging app users. It also highlights the value of account hardening tools and rapid reporting when suspicious activity appears.