WhatsApp, owned by Meta, has uncovered a spear-phishing attack linked to NSO Group, a spyware vendor previously barred by a permanent injunction from targeting WhatsApp users. The attack used social engineering to lure users into clicking malicious links, with WhatsApp linking the campaign to NSO based on domain indicators and tactics consistent with earlier NSO phishing operations. NSO was found liable in court for exploiting a zero-day vulnerability in WhatsApp and has been subject to damages and an injunction since 2019. Despite this, NSO allegedly violated the court order, prompting WhatsApp to file a contempt motion. WhatsApp has disabled malicious accounts and groups created by the attackers and is contributing to initiatives aimed at exposing and stopping spyware misuse.

The impact involves the attempted compromise of WhatsApp users through spear-phishing linked to NSO Group, which could lead to spyware installation if successful. The attack represents a violation of a court injunction intended to protect WhatsApp users from NSO's targeting. While WhatsApp disrupted the attack and disabled malicious infrastructure, the incident highlights ongoing risks from sophisticated spyware vendors exploiting social engineering. No confirmed widespread exploitation or zero-day vulnerability exploitation in this specific campaign is reported in the provided data.

WhatsApp has already disrupted the attack, disabled malicious accounts and groups, and is pursuing legal action against NSO for contempt of court. Users should remain cautious of unsolicited links and phishing attempts. Since this is a targeted social engineering attack linked to a known spyware vendor, no additional specific technical mitigations are provided. WhatsApp’s legal and technical measures are the primary response. Patch status is not applicable as this is not a software vulnerability but an attack campaign. Users should keep WhatsApp updated and follow best practices for phishing avoidance.