The Article Tells The Story of:
- A $167 Million Blow to Spyware Giant: WhatsApp won a massive legal victory over NSO Group, exposing years of secret spyware attacks through a rare courtroom showdown.
- Spyware Needed Only a Phone Number: WhatsApp revealed how NSO’s Pegasus spyware could silently hack phones using just a fake call—no user action required.
- Even After the Lawsuit, the Hacks Continued: Shocking testimony confirmed NSO kept attacking WhatsApp users months after the lawsuit was filed, using hidden tools codenamed Eden, Heaven, and Erised.
- NSO’s Spyware Tested on U.S. Soil: Despite claims of avoiding American targets, NSO admitted using Pegasus on a U.S. phone number—for the FBI.
WhatsApp Wins Lawsuit Against NSO Group
WhatsApp has won a major legal battle against NSO Group. A jury ordered the spyware maker to pay over $167 million in damages. This marks the end of a five-year lawsuit that began in October 2019. The court found NSO Group responsible for hacking more than 1,400 WhatsApp users using a flaw in the app’s audio-calling system.
The jury reached its verdict after a week-long trial. Witnesses included WhatsApp employees and NSO Group’s CEO, Yaron Shohat. Their testimonies revealed how Pegasus spyware worked and how it targeted innocent users.
WhatsApp first filed the lawsuit in 2019. The company claimed NSO Group sent spyware through WhatsApp calls. Even before the trial, the case uncovered new details. These included the names of three governments using Pegasus—Mexico, Saudi Arabia, and Uzbekistan—and the location of over 1,200 spyware victims.
Read More About Our Article of judge finds NSO Group liable for hacking WhatsApp. Published on December 22, 2024 SquaredTech
1. Pegasus Used a Zero-Click Attack to Hack WhatsApp Users
One of the key revelations from the trial was how the attack worked. WhatsApp lawyer Antonio Perez explained that NSO Group used a zero-click attack. This meant that the spyware could infect a phone without the user clicking anything.
Perez said NSO built a system called the “WhatsApp Installation Server.” This server sent fake WhatsApp calls to targets. These calls looked like real calls but carried spyware. Once the call reached the device, the phone contacted a third-party server and downloaded Pegasus. The only information NSO needed was the victim’s phone number.
Tamir Gazneli, NSO Group’s vice president of research and development, confirmed this. He called any zero-click attack a major achievement for Pegasus.
2. NSO Group Targeted a U.S. Phone for an FBI Test
NSO Group has long claimed that Pegasus cannot target U.S. phone numbers. These are numbers with a +1 country code. But the trial confirmed that this was not entirely true.
NSO lawyer Joe Akrotirianakis said the company made one exception. Pegasus was configured to attack a U.S. phone as part of a test for the FBI. The test did happen, but the FBI chose not to use the spyware afterward.
This revelation matches a 2022 report from The New York Times. That report first mentioned the FBI’s quiet testing of Pegasus on U.S. phones.
3. Pegasus Picks Its Own Attack Method Automatically
Another fact revealed in court was how Pegasus chooses its attack method. Shohat said that government clients do not pick how the spyware hacks targets. Instead, the Pegasus software selects the method automatically.
This means clients only provide the target’s phone number or other identifying data. Pegasus then uses whatever exploit it has to break into the phone. This shows how powerful and self-guided the spyware has become.
4. NSO Group Shares an Office Building with Apple
During the trial, Shohat confirmed that NSO Group’s headquarters is in Herzliya, a city near Tel Aviv in Israel. The company operates from the top five floors of a 14-story building. Apple, which makes the iPhone often targeted by Pegasus, works in the same building.
This detail caught attention because Apple has also sued NSO Group. Apple has argued that NSO endangered its users through repeated spyware attacks. The fact that the two companies work under the same roof adds irony to their legal conflict.
Unlike other spyware makers who hide their offices, NSO Group operates openly. For example, Barcelona-based spyware company Variston falsely claimed a different location and later shut down.
5. NSO Group Continued Targeting WhatsApp Users After the Lawsuit
One of the most shocking facts revealed in the trial came from Gazneli. He admitted that NSO Group kept attacking WhatsApp users even after the company filed the lawsuit.
According to Gazneli, NSO used a spyware system called “Erised” from late 2019 through May 2020. This was after WhatsApp took legal action. NSO also had two other systems called “Eden” and “Heaven.” All three were part of a spyware platform known internally as “Hummingbird.”
This proves that NSO did not stop using Pegasus against WhatsApp users despite being in an active lawsuit. It also shows that the company had multiple methods for attacking the chat app.
Final Thoughts: The WhatsApp Lawsuit Exposes Pegasus Spyware Tactics
The WhatsApp lawsuit shows how powerful and dangerous NSO Group’s Pegasus spyware can be. It also proves that NSO continued hacking users even while facing a lawsuit. The jury’s decision to award $167 million shows how seriously the court viewed NSO’s actions.
The trial brought many facts into public view. It showed how Pegasus spyware works, who used it, and how it targeted users without their knowledge. WhatsApp used this case to push back against spyware firms that attack private citizens, journalists, and activists.
NSO’s reputation has already suffered from past reports. But now, a court has confirmed the company’s role in large-scale spyware attacks. The case also highlights the risks of zero-click spyware and the limits of current phone protections.
As spyware becomes more advanced, companies like WhatsApp will need to build stronger defenses. But this lawsuit may also slow down spyware companies who fear future legal action. Pegasus may still be active, but this ruling gives users and tech firms a strong reason to keep fighting back.
Stay Updated: Tech News
