
Meta has caught and blocked a new attack by NSO Group — the company behind the Pegasus spyware — targeting WhatsApp users with spearphishing links. The attackers created test accounts and groups on WhatsApp, then sent messages containing links to malicious websites (including domains like fr24cast[.]com and ghazacast[.]com) designed to redirect victims to external sites where surveillance software could be installed. WhatsApp’s end-to-end encryption was never broken — the campaign was trying to trick people into clicking links rather than bypassing the encryption itself.
NSO Group was already under a permanent court injunction barring it from targeting WhatsApp after a lawsuit Meta won in 2024. Now Meta is filing a federal contempt motion, saying NSO violated that order. The company was also fined $168 million last year for prior Pegasus attacks on WhatsApp. This new operation appears to focus on journalists, activists, and human rights workers — the same groups historically targeted by Pegasus spyware — rather than regular users.
How to check if you’re affected
Affected versions include any WhatsApp installation that hasn’t received the latest automatic updates — keeping your app current ensures you benefit from Meta’s latest protections.
- Open WhatsApp and check Settings → Help → App Info to confirm you are running the latest version.
- Review your recent message requests or unknown-contact chats for any suspicious links you did not expect.
- If you received an unexpected link from an unknown number asking you to click it, do not open it — report the message using WhatsApp’s built-in reporting tool.
- Enable two-step verification in WhatsApp: Settings → Account → Two-step verification.
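
As an added example (not code from Meta or WhatsApp), the link review in the checklist above can be run over a chat saved as text with WhatsApp's Export chat feature. The script flags links whose host is one of the two domains named in this article, or a subdomain of one; the function names and sample lines are constructed for illustration, and the two domains are only those named here, not a complete list.

```python
import re
from urllib.parse import urlsplit

# Domains named in this article, stored defanged so they are not clickable.
REPORTED_DOMAINS = ["fr24cast[.]com", "ghazacast[.]com"]

def refang(text):
    """Undo common defanging (hxxp, [.]) so links parse as normal URLs."""
    text = re.sub(r"hxxp(s?)://", r"http\1://", text, flags=re.I)
    return text.replace("[.]", ".").replace("(.)", ".")

BLOCKLIST = {refang(d).lower() for d in REPORTED_DOMAINS}

# Matches http(s) URLs and bare host/path tokens such as "example.com/x".
URL_RE = re.compile(r"(?:https?://)?(?:[a-z0-9-]+\.)+[a-z]{2,}(?:[/?#]\S*)?", re.I)

def host_of(token):
    """Return the lowercase hostname of a URL-like token, or None."""
    if "://" not in token:
        token = "http://" + token
    try:
        host = urlsplit(token).hostname
    except ValueError:
        return None
    return host.lower().rstrip(".") if host else None

def matches_blocklist(host):
    """True for a listed domain or its subdomains, not look-alike names."""
    return any(host == d or host.endswith("." + d) for d in BLOCKLIST)

def find_suspicious_links(chat_text):
    """Return (line_number, host) pairs for links to the reported domains."""
    hits = []
    for n, line in enumerate(chat_text.splitlines(), 1):
        for m in URL_RE.finditer(refang(line)):
            host = host_of(m.group(0))
            if host and matches_blocklist(host):
                hits.append((n, host))
    return hits

# Constructed sample lines (not real messages).
SAMPLE = """\
[01/02/2025, 10:15] +00 000 000: Live coverage https://news.fr24cast.com/watch?id=1
[01/02/2025, 10:16] +00 000 000: see hxxps://ghazacast[.]com/live
[01/02/2025, 10:17] Friend: unrelated https://notfr24cast.com/ and https://example.org
"""
if __name__ == "__main__":
    for line_no, host in find_suspicious_links(SAMPLE):
        print(f"line {line_no}: link to {host}")
```

An empty result only means neither named domain appears in that export; unexpected links from unknown numbers should still be reported as described above.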
