WhatsApp provides update on spyware battle

Last year, WhatsApp achieved a significant legal victory with a permanent injunction against NSO Group, a spyware company that has been blacklisted for activities contrary to US national security. The court clearly stated that NSO was in breach of both federal and state anti-hacking laws. Today, WhatsApp is asking the court to hold NSO in contempt for violating that ruling.

Disrupting NSO’s Attempts

WhatsApp has successfully disrupted attempts by NSO linked to social engineering, following investigations into user reports. NSO attempted to deceive people into clicking harmful links leading them to external sites, a method similar to their known phishing campaigns. WhatsApp also identified and removed test accounts and groups created by NSO.

WhatsApp is now sharing threat indicators so individuals can check if they were targeted by NSO’s social engineering attempts, whether through text, email, WhatsApp, or other means.

Spyware and National Security

Since 2019, the ongoing case against NSO has demonstrated their continued development of spyware aimed at infiltrating devices. NSO’s CEO admitted in court that the firm seeks various entry points into phones beyond WhatsApp, including browsers, operating systems, and other apps.

Spyware companies, like those on the US government’s Entity List, pose a threat to national security by targeting diverse groups such as journalists, government personnel, military staff, and humanitarian organizations. It is crucial to maintain existing restrictions to protect US national security and global communications.

Collaborative Efforts Against Spyware

When NSO’s attacks were first discovered in 2019, Citizen Lab assisted WhatsApp in investigating and informing affected individuals. During the initial trial, support from industry peers and organizations bolstered the legal case.

Recently, twelve civil rights organizations, including security researchers and digital rights advocates, submitted amicus briefs opposing NSO’s appeal against the injunction. WhatsApp is also advancing its commitment to support digital rights groups by contributing to the Spyware Accountability Initiative (SAI), which aids organizations worldwide in forensic research, user support, and advocacy.

For example, Citizen Lab’s zero-day discovery prompted Apple to release a security update affecting over a billion devices. Additionally, a Greek court recently handed down the first-ever criminal conviction of spyware company executives, a case supported by forensic evidence and investigative reporting.

The fight against spyware is challenging and often lacks adequate resources compared to the well-funded spyware industry. WhatsApp is dedicated to supporting these crucial efforts. Users are reminded that their personal messages and calls are protected by default end-to-end encryption. Keeping apps and devices updated and reporting suspicious activities are encouraged. Those who suspect they are targeted by advanced cyber attacks should enable strict account settings to enhance their WhatsApp account security.

Threat Indicators

Malicious domains:

• hxxps://ikhwancast[.]com
• hxxps://ghazacast[.]com
• hxxps://fr24cast[.]com