Phishing Campaign Detected and Blocked
Meta has announced that it successfully detected and disrupted a spear-phishing campaign linked to the Israeli spyware developer NSO Group. The attack targeted WhatsApp users by tricking them into clicking malicious links that directed them to external websites outside of the messaging platform. Meta described this as similar to previous one-click phishing operations attributed to NSO. The company also discovered that NSO Group had created test accounts and groups on WhatsApp, which have since been removed. A list of malicious domains associated with the activity has been published, including fr24cast[.]com, ghazacast[.]com, and ikhwancast[.]com.
Legal Action and Ongoing Tensions
In response to the attack, Meta is filing a federal court contempt order against NSO Group for violating a permanent injunction that previously barred the company from targeting WhatsApp or its users. This action follows last year’s court ruling that fined NSO Group approximately $168 million for exploiting WhatsApp servers to deploy Pegasus spyware against over 1,400 individuals worldwide. NSO Group has also been on a U.S. Commerce Department blocklist since 2021 for activities deemed contrary to national security interests. Meta reiterated that WhatsApp’s end-to-end encryption remains intact and urged users to keep apps updated and report suspicious activity. For those at elevated risk, enabling strict account settings such as mandatory two-step verification and disabling link previews is recommended.
Source: The Hacker News
