Meta has revealed that it recently detected and disrupted a spear-phishing campaign linked to Israeli spyware vendor NSO Group, the company behind the controversial Pegasus spyware platform.
The announcement comes alongside a new legal move by Meta, which says it is seeking a federal court contempt order against NSO Group for allegedly violating a permanent injunction that prohibits the company from targeting WhatsApp and its users.
Meta Uncovers New Phishing Attempts
According to Meta, the attackers attempted to lure users into clicking malicious links that redirected them to external websites outside of WhatsApp.
The company said the tactics closely resembled previously documented one-click phishing campaigns associated with NSO Group.
“They tried to trick people into clicking on malicious links to drive them to external websites outside of WhatsApp, similar to previously reported one-click phishing campaigns linked to NSO,” Meta stated.
In addition to phishing activity, Meta reported discovering NSO Group-operated test accounts and groups on WhatsApp. The accounts were subsequently removed as part of the company’s enforcement actions.
Malicious Domains Identified
Meta shared several domains that were allegedly used in the phishing campaign:
- fr24cast[.]com
- ghazacast[.]com
- ikhwancast[.]com
Security teams and users are advised to monitor for any connections or references to these domains and block them where appropriate.
Ongoing Legal Battle Between Meta and NSO Group
The latest development marks another chapter in the long-running legal dispute between Meta and NSO Group.
Last year, a U.S. court ordered NSO Group to pay approximately $168 million in damages after determining that the company violated U.S. law by exploiting WhatsApp infrastructure to deploy Pegasus spyware.
The spyware campaign reportedly targeted more than 1,400 individuals worldwide, including journalists, activists, government officials, and members of civil society.
NSO Group has faced increasing scrutiny from governments and cybersecurity researchers over its surveillance activities. In 2021, the company was added to the U.S. Department of Commerce Entity List, restricting its access to American technologies and services.
The U.S. government cited activities that were considered contrary to the country’s national security and foreign policy interests.
WhatsApp Security Remains Protected
Meta emphasized that WhatsApp’s default end-to-end encryption continues to protect users’ personal messages and calls from interception.
The company also encouraged users to keep their devices updated and remain vigilant against suspicious messages, links, and account activity.
“As always, WhatsApp users’ personal messages and calls remain protected with default end-to-end encryption,” Meta said.
Meta Recommends Enhanced Security Settings
For individuals who may face a higher risk of targeted cyberattacks—such as journalists, activists, politicians, and executives—Meta recommends enabling WhatsApp’s Strict Account Settings.
This optional security feature reduces potential attack surfaces by applying stronger privacy and account protections.
When enabled, the feature automatically applies several security enhancements:
- Two-step verification is activated.
- Link previews are disabled.
- Profile photo, About information, profile links, and online status are restricted to contacts or approved users.
- Only trusted contacts or pre-approved individuals can add users to groups.
Meta describes Strict Account Settings as a lockdown-style security option designed to protect users against sophisticated cyber threats and surveillance campaigns.
Growing Threat of Commercial Spyware
The incident highlights the continued threat posed by commercial spyware operators and their evolving tactics. While sophisticated surveillance tools often receive attention for exploiting software vulnerabilities, phishing remains one of the most effective methods for gaining access to targeted devices.
Security experts recommend exercising caution when interacting with unsolicited messages, verifying the authenticity of links before clicking them, and enabling advanced security features whenever available.
As Meta continues its legal and technical efforts against NSO Group, the case serves as another reminder that targeted phishing attacks remain a significant cybersecurity risk for both individuals and organizations worldwide.
