WhatsApp identified and stopped spear-phishing attacks allegedly conducted by the NSO Group, involving social engineering to lure users into clicking malicious links leading to external websites. These campaigns resemble previously documented one-click phishing attacks linked to NSO spyware. Meta has enforced a permanent injunction against NSO Group, which continues to attempt targeting WhatsApp users despite legal actions. The company removed malicious accounts and groups associated with these campaigns. WhatsApp highlights that end-to-end encryption protects communications from spyware like Pegasus and advises users to update their software and enable platform-specific protections designed to reduce spyware attack surfaces.

The attacks aimed to deliver spyware through phishing links, potentially compromising targeted users if successful. However, WhatsApp's end-to-end encryption protects message and call content from interception by spyware such as Pegasus. The disruption of these campaigns prevented the spread of NSO-linked spyware via WhatsApp. There is no indication of widespread exploitation or successful infections reported in this incident. The ongoing targeting by NSO Group despite legal restrictions underscores a persistent threat to high-interest individuals.

Meta has disrupted the phishing campaigns and removed malicious accounts and groups. Users are advised to keep WhatsApp and their device operating systems updated to benefit from the latest security protections. Android users should enable 'Advanced Protection' and iOS users should activate 'Lockdown Mode' to reduce the attack surface against spyware. End-to-end encryption remains effective against Pegasus spyware. No additional immediate actions are required beyond these recommendations.