The Digital Security Digest, by Freedom of the Press Foundation (FPF), is a weekly newsletter with security tips that keep you, your sources, and your devices safe. If someone shared this newsletter with you, please subscribe here.

WhatsApp claims NSO Group linked to hacking campaign, in violation of court order

Spyware vendor NSO Group is infamous for its considerable track record of supplying governments around the world with tools used to break into the smartphones of journalists, activists, politicians, and others. One common way its malware is delivered is through WhatsApp. The encrypted messenger says that it has “caught and disrupted spear phishing attempts linked to NSO,” which it identified through user reports.

According to WhatsApp, the recent attacks tried to trick targets into clicking on malicious links that would open outside of WhatsApp, “similar to previously reported 1-click phishing campaigns linked to NSO.” The app maker also said it found that the attackers were creating test accounts and groups. WhatsApp is asking a court to hold the spyware vendor in contempt for violating last year’s permanent injunction barring NSO Group from targeting WhatsApp or its users.

What you can do

  • Use WhatsApp’s “Strict Account Settings.” Spyware companies hate this one simple trick. You can immediately harden your WhatsApp against malicious messages from unfamiliar users, as well as account takeover and surveillance risks, by enabling “Strict Account Settings.” Read our guide to learn how.
  • Report, report, report. WhatsApp is end-to-end encrypted. By default, Meta, WhatsApp’s parent company, can’t see what you message. But if you report someone, you can send up to five of the previous messages to the company. This appears to have made a meaningful impact on WhatsApp’s ability to trace malicious links back to NSO Group, so if you see messages from unfamiliar actors that include untrusted links, reporting them is likely a good move for our collective safety.
  • Use Apple’s Lockdown Mode or Android’s Advanced Protection. If you want to go even further, you can also harden your Apple or Android devices. These features typically limit some minor functionality, such as the ability to connect to your device via USB without permissions, and block certain messaging technologies known to help deliver malware.
    • Apple users, go here: Settings app > “Privacy & security” > “Lockdown Mode”
    • Android users, go here: Settings app > “Security & privacy” > “Advanced Protection”

Updates from our team

Our team is always ready to assist journalists with digital security concerns. Reach out here, and stay safe and secure out there.

Best,
Martin

Martin Shelton
Deputy Director of Digital Security
Freedom of the Press Foundation