NSO Spyware Defied a Court Order. The Fintech Privacy Risk Is Real
WhatsApp filed a contempt order against NSO Group today after catching new attacks post-injunction. What spyware means for financial privacy and secure fintech communications.
NSO Group had a permanent court injunction against it. Judge Phyllis Hamilton of the US District Court for the Northern District of California issued it in October 2025, barring NSO from targeting WhatsApp and its users after a jury found the company had violated US federal and state hacking laws.
On June 8, 2026, WhatsApp published evidence that NSO kept going anyway: new spear phishing attempts linked to the company, test accounts created on the platform and taken down, and malicious links designed to route users outside WhatsApp. Meta is now filing a federal contempt order.
NSO Group has been on the US Department of Commerce Entity List since 2021, blacklisted for actions contrary to US national security. Its CEO confirmed in court that the company actively looks for new attack vectors beyond WhatsApp, including browsers, operating systems, and other applications. The contempt filing is not a new case. It is WhatsApp's argument that the existing judgment was never actually enforced.
What NSO builds and who it sells to
NSO Group develops and licenses surveillance software to government clients. Its best-known product, Pegasus, is designed to access a target device — messages, calls, stored data — without the user's knowledge or interaction. Reported targets across NSO's operational history include journalists, government officials, military personnel, and humanitarian workers.
The new attempts WhatsApp disrupted used social engineering: malicious links designed to drive users to external sites, consistent with previously documented phishing campaigns linked to NSO. WhatsApp is publishing the specific threat indicators — the malicious domains used — so that users on any platform can check whether they were targeted.
Why this is a fintech story
WhatsApp is not only a messaging application. Across large parts of Africa, Latin America, South Asia, and the Middle East, it functions as primary financial communications infrastructure — the channel through which people coordinate remittances, manage informal business transactions, and access fintech services. A compromised device in those contexts is a financial breach as much as a communications one.
The targets NSO's clients have historically pursued are precisely those for whom financial privacy is not discretionary. Journalists investigating financial corruption. Humanitarian workers managing funds in active conflict zones. The security of their financial communications depends on the same encrypted infrastructure that fintech platforms and crypto exchanges operating under MiCAR rely on to meet regulatory compliance requirements. When a blacklisted spyware firm continues to operate after a permanent injunction, the compliance assumption that legal enforcement is a functional backstop gets tested in practice.
What the contempt filing adds to the record
Twelve civil rights organisations filed amicus briefs in May 2026 supporting WhatsApp's position against NSO's appeal of the permanent injunction. A Greek court issued the first criminal conviction of spyware company executives this year, built on forensic evidence. WhatsApp is contributing to the Spyware Accountability Initiative, which funds forensic research and advocacy across dozens of organisations globally.
The pattern across these actions is consistent: no single mechanism — litigation, blacklisting, damages — has been sufficient in isolation. The enforcement architecture that is emerging is coalitional, and the contempt filing is its latest move.
A company already ordered to pay $167 million in damages and barred from further targeting has continued to attempt both. For anyone building compliance frameworks on the assumption that legal judgments hold, that is the precise fact that matters.
Editor's note
Every piece published on The Bright Minded goes through careful verification, but mistakes can happen. If you spot an error, have additional information, or want to flag anything, write to rosalia@thebrightminded.com.