WhatsApp’s \$167M Spyware Win Exposes Global Surveillance

WhatsApp’s $167M win against NSO Group reveals key insights into spyware misuse, Pegasus tactics, and global surveillance abuse.

WhatsApp’s Courtroom Victory Exposes Spyware Secrets

In a landmark verdict that sent ripples through the cybersecurity world, WhatsApp emerged victorious this week in a years-long legal battle against Israeli spyware developer NSO Group. A U.S. jury awarded Meta’s messaging giant more than $167 million in damages, marking a significant step in the fight for digital privacy and accountability in state-sponsored surveillance.

This high-profile trial, stemming from a 2019 lawsuit, unearthed disturbing insights into how NSO’s Pegasus spyware targeted over 1,400 WhatsApp users using stealthy, zero-click methods. From FBI experiments to continued hacking after the lawsuit was filed, the courtroom revealed far more than a monetary judgment—it exposed a shadowy world of global surveillance.

Here are five critical takeaways from the trial that illuminate the murky operations behind one of the world’s most notorious spyware tools.

1. Zero-Click Spyware Exploited WhatsApp’s Call Feature

At the heart of WhatsApp’s lawsuit was a zero-click vulnerability—meaning targets didn’t need to tap or respond to be infected. As described by WhatsApp’s legal team, attackers used fake phone calls that never rang or registered on users’ phones. These calls, routed through a custom-built “WhatsApp Installation Server,” deployed malicious code that silently installed Pegasus on the target’s device.

All NSO Group needed to initiate the attack was a phone number. Once triggered, the spyware downloaded itself from a separate server, giving clients full access to the user’s phone—messages, calls, location, camera, and more. This chilling method required no interaction, making it virtually undetectable by the victim.

2. NSO Group Targeted a US Phone in a Test for the FBI

For years, NSO Group insisted Pegasus couldn’t be used on American numbers. But courtroom testimony confirmed otherwise. A U.S.-based phone number was indeed targeted in a test for the FBI using a special version of Pegasus configured for that purpose.

While NSO claimed this was a one-time demonstration for potential U.S. government clients, the admission shattered its longstanding defense that Pegasus doesn’t threaten Americans. The FBI ultimately declined to deploy the spyware, according to reports—but the episode raised serious concerns about the scope of domestic surveillance possibilities.

3. NSO Cut Off Governments That Abused Pegasus

The trial also revealed that ten government clients were dropped by NSO for abusing Pegasus, though the exact nature of the abuses wasn’t disclosed in court. What is known: victims of the spyware included individuals across 1,223 distinct locations, and at least three clients—Mexico, Saudi Arabia, and Uzbekistan—were publicly named during the proceedings.

These revelations underscore what human rights organizations have long alleged: Pegasus has been used to spy on journalists, activists, and political opponents under the guise of lawful surveillance.

4. The Spyware Didn’t Stop After the Lawsuit

Despite the lawsuit’s filing in 2019, NSO Group continued using its spyware against WhatsApp users well into 2020. One version of the hacking tool, code-named Erised, remained active until May 2020. It was part of a suite known as “Hummingbird,” which also included vectors called “Eden” and “Heaven.”

This continuation of surveillance activity, even while under legal scrutiny, paints a troubling picture of NSO Group’s defiance—or perhaps confidence—in the face of international legal pressure.

5. NSO Group Shares a Building With Apple

In a twist laced with irony, NSO Group’s headquarters in Herzliya, Israel, are in the same office tower as Apple, whose devices are frequently targeted by Pegasus. NSO occupies the upper five floors of a 14-story building; Apple rents the rest.

While the proximity is coincidental, it highlights the growing convergence between major tech platforms and entities aiming to undermine them. It also underlines the boldness with which NSO operates compared to other spyware firms that cloak their locations or operate from co-working spaces.

A Legal Win, But the Privacy Fight Isn’t Over

WhatsApp’s courtroom victory is more than a corporate win—it’s a rare case of a tech company successfully pushing back against the unchecked spread of digital surveillance tools. The trial peeled back layers of secrecy surrounding Pegasus, exposing how readily it has been weaponized, even against American interests.

Yet the broader battle against spyware is far from over. The demand for tools like Pegasus is growing, fueled by governments’ desire for intelligence and control. This trial may deter some actors, but without stricter global regulations and transparency, the risk to journalists, dissidents, and everyday citizens remains alarmingly high.

Disclaimer:
This article is for informational purposes only and does not constitute legal advice. The details presented are based on public court documents, testimony, and credible reporting as of May 2025. Readers should verify information and consult cybersecurity professionals or legal experts where necessary.

source : tech crunch