A U.S. federal judge has issued a permanent injunction prohibiting the NSO Group, an Israeli spyware company, from targeting or infecting WhatsApp users with its Pegasus spyware. The ruling, delivered by Judge Phyllis J. Hamilton of the Northern District of California, stems from a lawsuit filed by Meta, WhatsApp's parent company, in 2019 after NSO was discovered attempting to compromise approximately 1,400 WhatsApp users, including attorneys, journalists, human rights activists, political dissidents, diplomats, and senior government officials. NSO's campaign involved creating fake WhatsApp accounts and targeting Meta's infrastructure to deploy Pegasus, a sophisticated zero-click spyware tool known for exploiting vulnerabilities in widely used software.
The court found that NSO's actions caused direct business harm to Meta by undermining the privacy and security assurances that WhatsApp offers its users, particularly its end-to-end encryption based on the Signal Protocol. Judge Hamilton emphasized that unauthorized access to users' personal information constitutes more than reputational damage; it directly interferes with the core service Meta provides. In addition to the injunction, the court ordered NSO to delete any data obtained from targeting WhatsApp users.
The judge also reduced the punitive damages awarded to Meta from $167 million to $4 million, citing legal precedents regarding the proportionality of damages to the conduct in question. While NSO argued that the injunction could force it out of business, the company stated that the ruling does not apply to its customers, who may continue using its technology, though legal experts and advocates for spyware victims dispute this interpretation. The decision is seen as a significant precedent for technology companies seeking to protect their platforms from commercial spyware and unlawful surveillance.
Will Cathcart, head of WhatsApp, celebrated the ruling as a victory for user privacy and a warning to those who attempt to circumvent encryption protections. The case highlights the ongoing legal and ethical challenges posed by commercial spyware vendors and the importance of judicial intervention in safeguarding digital privacy. The ruling is the culmination of six years of litigation and is expected to influence future cases involving unlawful electronic surveillance. NSO Group, recently acquired by a consortium led by Hollywood producer Robert Simonds, is reviewing the decision but welcomed the reduction in damages. Privacy advocates have praised the court's recognition of the irreparable harm caused by circumventing end-to-end encryption and the broader implications for protecting civil society from targeted surveillance.

4 events from the most recent confirmed update back to the earliest known activity.
In the same ruling, the judge sharply reduced punitive damages against NSO Group from $167.3 million to $4 million, citing legal precedent on acceptable punitive-to-conduct ratios. NSO welcomed the reduction while noting the injunction was limited to WhatsApp and did not apply to its customers.
A U.S. federal judge in Northern California granted WhatsApp a permanent injunction prohibiting NSO Group from targeting WhatsApp and its users with spyware. The court found that attacks on WhatsApp's end-to-end encryption and privacy commitments caused fundamental harm to Meta's business and user trust.
Before the latest ruling, a court awarded Meta/WhatsApp $167.3 million in damages in the spyware case against NSO Group. This amount later became the basis for judicial review of the punitive damages ratio.
WhatsApp initiated litigation against NSO Group over the use of Pegasus spyware to target WhatsApp users, beginning a legal battle that would last about six years. The case centered on attacks that affected civil society targets and undermined WhatsApp's security protections.