Meta filed a federal contempt order against Israeli spyware maker NSO Group on Monday, accusing the company of mounting new spear phishing attacks against WhatsApp users in direct violation of a permanent court injunction.

WhatsApp detected and disrupted the campaign after investigating user reports. The attacks used 1-click phishing techniques, where a single malicious link is sufficient to compromise a device, directing targets to external websites outside WhatsApp. NSO also created test accounts and groups on the platform, which Meta removed. The 2025 injunction permanently bars NSO from targeting WhatsApp and its users.

Meta published three malicious domains linked to the campaign, namely fr24cast[.]com, ghazacast[.]com, and ikhwancast[.]com. The domain fr24cast[.]com closely resembles fr24.com, the address for Flightradar24, an open-source aircraft tracking tool routinely used by military intelligence analysts, defense researchers, and journalists covering active conflict zones.

“The court was unequivocal: NSO violated federal and state laws against hacking,” Meta said. “Today, we’re asking the court to hold them in contempt of that order.”

The October injunction followed a jury award of $167 million in punitive damages in May 2025, later reduced by a federal judge to $4.4 million. NSO warned the order could “put NSO’s entire enterprise at risk” and has since filed an appeal before the Ninth Circuit.

NSO has been on the U.S. Commerce Department’s Entity List since 2021 for activities contrary to U.S. national security. American investors who acquired the company last year have announced plans to enter the U.S. market.

Last month, 12 civil rights organizations filed amicus briefs opposing NSO’s appeal against the injunction. Meta also announced a contribution to the Spyware Accountability Initiative (SAI), which funds forensic research and digital rights advocacy worldwide.