A jury ordered NSO Group to pay over $167 million after WhatsApp accused it of hacking over 1,400 users via exploitation of an audio-calling vulnerability. The lawsuit, which began in October 2019, revealed how the zero-click attack worked: through a fake WhatsApp call, which would download the Pegasus spyware onto the target's phone. Testimonies shed light on NSO's practices, including the termination of clients abusing the spyware and the identities of some customers like Saudi Arabia and Mexico. The ruling represents a significant victory for WhatsApp and underscores concerns about spyware misuse.
"The zero-click attack, which means the spyware required no interaction from the target, worked by placing a fake WhatsApp phone call to the target..."
"NSO Group had built what it called the 'WhatsApp Installation Server', a special machine designed to send malicious messages across WhatsApp's infrastructure..."
Collection
[
|
...
]