A spyware company that a US court ordered to stay away from WhatsApp went back to targeting its users anyway, according to Meta, which is now asking a federal judge to hold NSO Group in contempt.
The Israeli firm behind Pegasus, already blacklisted by the US government, allegedly kept sending malicious links to people through the same encrypted app it was barred from touching.
Meta filed the contempt motion on June 8, 2026, in the US District Court for the Northern District of California.
We obtained a copy of the motion for you here.
Reclaim Your Digital Freedom.
Get unfiltered coverage of surveillance, censorship, and the technology threatening your civil liberties.
The company says NSO crossed a line drawn by a permanent injunction issued on November 12, 2025, which became enforceable on January 28, 2026. That order forbade NSO from using WhatsApp’s systems or building anything that interacts with the platform.
The injunction was meant to shut down a surveillance operation that had already reached roughly 1,400 people in 2019, among them journalists and human rights workers.
According to Meta, the surveillance never stopped.
The company says that in February and April 2026, NSO customers relied on delivery systems run by NSO to push one-click malicious URLs to targets over WhatsApp, with the most recent attack it documented dated April 19, 2026.
These were designed to lure someone into tapping a link that carries them off the platform and toward whatever waits on the other side.
“We successfully disrupted NSO-linked social engineering attempts, after investigating user reports,” Meta wrote, describing how it traced the activity.
“They tried to trick people into clicking on malicious links to drive them to external websites outside of WhatsApp, similar to previously reported 1-click phishing campaigns linked to NSO.” The company added, “We also caught them creating test accounts and groups on WhatsApp, which we took down.”
The tactics reveal what surveillance-for-hire firms actually sell. NSO does not need to break WhatsApp’s encryption to reach a target. It needs the target to click.
One tap on a crafted link can route someone to systems built to compromise their phone, turning a private messaging app into the opening move of a much wider intrusion. The encryption protecting your messages stays intact while the company works around it completely.
NSO’s reach was never limited to one app and the company has said so itself. Its CEO confirmed in court that the firm looks for “vectors, or ways to access the phone” beyond WhatsApp, targeting browsers, operating systems, and other applications.
Closing one door into someone’s device does not close the others and a company in the business of selling access will keep looking for whichever one is still open.
The US government placed NSO on its Entity List for conduct contrary to national security, a designation that restricts American companies from doing business with it. A firm under that kind of sanction continuing to operate against a federal court order tells you how seriously the spyware trade treats accountability.
NSO is fighting the underlying rulings, taking its appeal of the injunction to the Ninth Circuit.
The original case ended last year with a jury awarding Meta about $168 million, later cut to roughly $4 million after the judge capped the punitive damages. The injunction itself survived.
District Judge Phyllis Hamilton found that NSO’s conduct “causes irreparable harm” and that there was “no dispute that the conduct is ongoing,” language that reads differently now that Meta says the conduct continued past the order that was supposed to end it.
The cost of all this lands on the targets. Surveillance-for-hire customers have aimed these tools at journalists, government officials, military personnel, and humanitarian workers, according to public reporting on the industry.
The people most likely to end up in the crosshairs are the ones whose work depends on being able to communicate without a government or a paying client reading along.
