Meta is filing a federal contempt of court motion against NSO Group after catching the Israeli spyware maker targeting WhatsApp users again, in apparent violation of a permanent injunction that explicitly bars the company from doing so.
The injunction, handed down by US District Court Judge Phyllis Hamilton in October 2025, was the culmination of six years of litigation that began when NSO's Pegasus spyware was used to hack 1,400 WhatsApp users through a zero-click exploit in 2019. A jury awarded Meta $167m in damages. The judge reduced that to $4m but imposed the injunction, which NSO warned could "put NSO's entire enterprise at risk" and "force NSO out of business."
NSO said the injunction would not apply to its customers. It then, according to Meta, went right back to targeting WhatsApp users itself.
What Meta says happened
WhatsApp said it disrupted "NSO-linked social engineering attempts" after investigating user reports. The activity involved attempts to trick targets into clicking malicious links that redirected them to websites outside WhatsApp, as well as the creation of test accounts and groups on the messaging platform.
Meta described the activity as consistent with previously reported one-click phishing campaigns linked to NSO. One-click attacks compromise a device when a user clicks a single malicious link, without requiring credentials or further interaction.
The company said 12 civil rights organisations, security researchers and digital rights experts filed amicus briefs last month supporting Meta's fight against NSO's appeal of the permanent injunction.
Why contempt matters
A permanent injunction is the strongest remedy a civil court can impose short of dissolving a company. If NSO has violated it, the consequences could include fines, additional injunctive relief or, in extreme cases, criminal contempt proceedings.
The broader significance extends beyond this case. If a company can violate a permanent injunction against cyberattacks and face no meaningful enforcement, the precedent undermines every future attempt to use civil litigation as a tool against spyware manufacturers.
NSO has argued throughout the litigation that its technology is used by governments to fight serious crime and terrorism. The company has also been blacklisted by the US Commerce Department for engaging in activities contrary to US national security and foreign policy interests.
The enforcement problem
Pegasus works by exploiting vulnerabilities in widely deployed software. WhatsApp is one of the most commonly used messaging platforms in the world, which makes it one of Pegasus's primary attack surfaces.
Banning NSO from targeting WhatsApp is straightforward as a legal order. Enforcing that ban in practice requires detecting activity that is designed, by its nature, to be undetectable. The fact that Meta caught the new activity through user reports and its own investigation suggests that NSO's tradecraft, or that of its proxies, was not as clean as it needed to be.
Privacy advocate Natalia Krapiva called NSO's claim that the injunction does not apply to its customers "perplexing," noting that the plain language of the order prevents NSO from using or offering any technology that provides unlawful access to WhatsApp messages or breaks WhatsApp's encryption.
What happens next
NSO has appealed the original injunction, arguing it is catastrophic for the business and contrary to the public interest. The contempt motion adds a new dimension. If the court finds NSO violated the order while simultaneously appealing it, the company's legal position becomes considerably more precarious.
Meta is not pursuing this case for $4m in damages. It is pursuing it to establish that spyware companies can be held accountable through the legal system, and that a court order means what it says.
Whether that principle holds depends on what Judge Hamilton does next.
