NSO Group used WhatsApp exploits after the messaging app sued the spyware developer, court filing says | CyberScoop<\/title> <link rel=\"canonical\" href=\"https:\/\/cyberscoop.com\/nso-group-used-whatsapp-exploits-after-the-messaging-app-sued-the-spyware-developer-court-filing-says\/\"> <meta property=\"og:locale\" content=\"en_US\"> <meta property=\"og:type\" content=\"article\"> <meta property=\"og:title\" content=\"NSO Group used WhatsApp exploits after the messaging app sued the spyware developer, court filing says\"> <meta property=\"og:description\" content=\"The filing also suggests that customers have a minimal role in operating the spyware, in an apparent contradiction of past NSO Group claims.\"> <meta property=\"og:url\" content=\"https:\/\/cyberscoop.com\/nso-group-used-whatsapp-exploits-after-the-messaging-app-sued-the-spyware-developer-court-filing-says\/\"> <meta property=\"og:site_name\" content=\"CyberScoop\"> <meta property=\"article:published_time\" content=\"2024-11-15T20:24:07+00:00\"> <meta property=\"article:modified_time\" content=\"2024-11-15T20:24:09+00:00\"> <meta property=\"og:image\" content=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/11\/nso-group-used-whatsapp-exploits-after-the-messaging-app-sued-the-spyware-developer-court-filing-says-2.jpg\"> <meta property=\"og:image:width\" content=\"1920\"> <meta property=\"og:image:height\" content=\"1280\"> <meta property=\"og:image:type\" content=\"image\/jpeg\"> <meta name=\"author\" content=\"Tim Starks\"> <meta name=\"twitter:card\" content=\"summary_large_image\"> <meta name=\"twitter:creator\" content=\"@timstarks\">  <link rel=\"dns-prefetch\" href=\"\/\/securepubads.g.doubleclick.net\">\n<link rel=\"dns-prefetch\" href=\"\/\/use.typekit.net\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"CyberScoop \u00bb Feed\" href=\"https:\/\/cyberscoop.com\/feed\/\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"CyberScoop \u00bb Comments Feed\" href=\"https:\/\/cyberscoop.com\/comments\/feed\/\"> <link rel=\"stylesheet\" id=\"all-css-2\" href=\"https:\/\/cyberscoop.com\/wp-includes\/css\/dist\/block-library\/style.min.css?m=1731444340g\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-6\" href=\"https:\/\/cyberscoop.com\/wp-content\/mu-plugins\/search\/elasticpress\/dist\/css\/related-posts-block-styles.min.css?m=1730917128g\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-8\" href=\"https:\/\/cyberscoop.com\/wp-content\/themes\/scoopnewsgroup\/dist\/css\/frontend.css?m=1731627017g\" type=\"text\/css\" media=\"all\">\n<link rel=\"stylesheet\" id=\"typekit-css\" href=\"https:\/\/use.typekit.net\/itk2qbh.css?ver=ddc036fa194c40cf406f\" media=\"all\"> <link rel=\"https:\/\/api.w.org\/\" href=\"https:\/\/cyberscoop.com\/wp-json\/\"><link rel=\"alternate\" title=\"JSON\" type=\"application\/json\" href=\"https:\/\/cyberscoop.com\/wp-json\/wp\/v2\/posts\/82638\"><link rel=\"EditURI\" type=\"application\/rsd+xml\" title=\"RSD\" href=\"https:\/\/cyberscoop.com\/xmlrpc.php?rsd\">\n<meta name=\"generator\" content=\"WordPress 6.7\">\n<link rel=\"shortlink\" href=\"https:\/\/cyberscoop.com\/?p=82638\">\n<link rel=\"alternate\" title=\"oEmbed (JSON)\" type=\"application\/json+oembed\" href=\"https:\/\/cyberscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Fcyberscoop.com%2Fnso-group-used-whatsapp-exploits-after-the-messaging-app-sued-the-spyware-developer-court-filing-says%2F\">\n<link rel=\"alternate\" title=\"oEmbed (XML)\" type=\"text\/xml+oembed\" href=\"https:\/\/cyberscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Fcyberscoop.com%2Fnso-group-used-whatsapp-exploits-after-the-messaging-app-sued-the-spyware-developer-court-filing-says%2F&format=xml\">   <link rel=\"icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=32\" sizes=\"32x32\">\n<link rel=\"icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=192\" sizes=\"192x192\">\n<link rel=\"apple-touch-icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=180\">\n<meta name=\"msapplication-TileImage\" content=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=270\"> <\/head><body class=\"post-template-default single single-post postid-82638 single-format-standard\" id=\"readabilityBody\"> <a href=\"https:\/\/cyberscoop.com\/nso-group-used-whatsapp-exploits-after-the-messaging-app-sued-the-spyware-developer-court-filing-says\/#main\" class=\"skip-to-content-link visually-hidden-focusable\">Skip to main content<\/a> <\/p>\n<div class=\"ad ad--top ad--top-desktop\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p> <main id=\"main\" role=\"main\" tabindex=\"-1\"> <\/p>\n<div class=\"ad ad--top ad--top-mobile\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<section id=\"stickybar\" class=\"stickybar stickybar--newsletter js-stickybar\" readability=\"0.82\"> <button class=\"stickybar__close js-stickybar-close\" aria-controls=\"stickybar\"> <svg class=\"icon icon--close\" width=\"21\" height=\"22\" viewBox=\"0 0 21 22\" fill=\"none\"><path d=\"m.822.518-.805.805L9.695 11 .017 20.678l.805.805 9.678-9.678 9.677 9.678.806-.805L11.305 11l9.678-9.677-.806-.805-9.677 9.677L.822.518Z\" fill=\"currentColor\" \/><\/svg> <span class=\"visually-hidden\">Close<\/span> <\/button> <\/section>\n<article class=\"single-article content\">\n<div class=\"single-article__container js-single-article-content\">\n<header class=\"single-article__header \" readability=\"25.984513274336\">\n<div class=\"single-article__header-content\" readability=\"35.560640732265\">\n<p> The filing also suggests that customers have a minimal role in operating the spyware, in an apparent contradiction of past NSO Group claims. <\/p>\n<p>  <br \/>\n<audio id=\"audio-player\" src=\"https:\/\/wp-tts-cdn.api.scpnewsgrp.com\/cyberscoop\/82638\/english.openai.mp3\"><\/audio> <\/p>\n<div readability=\"11\">\n<div>\n<p>Listen to this article<\/p>\n<p>  <\/p>\n<p>0:00<\/p>\n<\/p><\/div>\n<p>  <\/p>\n<p> <span id=\"tts-tooltip\">Learn more.<\/span> <span> This feature uses an automated voice, which may result in occasional errors in pronunciation, tone, or sentiment. <\/span> <\/p>\n<\/div>\n<p>  <\/div>\n<div class=\"single-article__cover-wrap\">\n<figure class=\"single-article__cover\"> <img data-recalc-dims=\"1\" fetchpriority=\"high\" width=\"640\" height=\"426\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/11\/nso-group-used-whatsapp-exploits-after-the-messaging-app-sued-the-spyware-developer-court-filing-says.jpg?resize=640%2C426&ssl=1\" class=\"single-article__cover-image wp-post-image\" alt decoding=\"async\" fetchpriority=\"high\" srcset=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/11\/nso-group-used-whatsapp-exploits-after-the-messaging-app-sued-the-spyware-developer-court-filing-says-2.jpg 1920w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/11\/nso-group-used-whatsapp-exploits-after-the-messaging-app-sued-the-spyware-developer-court-filing-says-2.jpg?resize=300,200 300w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/11\/nso-group-used-whatsapp-exploits-after-the-messaging-app-sued-the-spyware-developer-court-filing-says-2.jpg?resize=768,512 768w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/11\/nso-group-used-whatsapp-exploits-after-the-messaging-app-sued-the-spyware-developer-court-filing-says-2.jpg?resize=1024,683 1024w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/11\/nso-group-used-whatsapp-exploits-after-the-messaging-app-sued-the-spyware-developer-court-filing-says-2.jpg?resize=1536,1024 1536w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/11\/nso-group-used-whatsapp-exploits-after-the-messaging-app-sued-the-spyware-developer-court-filing-says-2.jpg?resize=600,400 600w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/11\/nso-group-used-whatsapp-exploits-after-the-messaging-app-sued-the-spyware-developer-court-filing-says-2.jpg?resize=252,168 252w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/11\/nso-group-used-whatsapp-exploits-after-the-messaging-app-sued-the-spyware-developer-court-filing-says-2.jpg?resize=506,337 506w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/11\/nso-group-used-whatsapp-exploits-after-the-messaging-app-sued-the-spyware-developer-court-filing-says-2.jpg?resize=1013,675 1013w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/11\/nso-group-used-whatsapp-exploits-after-the-messaging-app-sued-the-spyware-developer-court-filing-says-2.jpg?resize=1265,843 1265w\" sizes=\"(max-width: 1013px) 100vw, 1013px\"><figcaption> (Getty Images) <\/figcaption><\/figure>\n<\/p><\/div>\n<\/header>\n<div class=\"single-article__content\">\n<div class=\"single-article__content-inner has-drop-cap\"> <html readability=\"30.515625\"><body readability=\"62.239517153748\"><\/p>\n<p>NSO Group developed malware that used WhatsApp to infect victims even after WhatsApp sued the leading spyware vendor over allegations that it violated federal and state anti-hacking laws, <a href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2024\/11\/WA-Motion-for-Summary-Judgment_-UNSEALED.pdf\">according to a court filing<\/a> by the messaging app and its parent company Meta on Thursday.<\/p>\n<p>It was one of a bevy of revelations and new details found in the filing that expound on how NSO Group operates and the scope of its work. WhatsApp is seeking a summary judgment from the U.S. District Court for the Northern District of California and award of damages.<\/p>\n<p>After detecting NSO Group\u2019s malicious messages in May 2019, WhatsApp made changes to disable the exploit called \u201cEden,\u201d according to the filing. NSO Group \u201cthen developed a new Malware Vector called \u2018Erised\u2019 that continued using WhatsApp as an installation vector through at least May 2022 \u2014 even after this litigation had been filed \u2014 until changes to WhatsApp eventually disabled that Malware Vector, too.\u201d<\/p>\n<p>Those were two of three WhatsApp-centric exploits mentioned in the filing, with the third known as \u201cHeaven\u201d and disabled by WhatsApp in 2018. \u201cNSO admits Eden was responsible for the attacks described in the Complaint\u201d \u2014 1,400 in all, as WhatsApp had claimed and NSO Group admitted, according to the complaint. Additionally, \u201cNSO\u2019s Head of R&D has confirmed that those vectors worked precisely as alleged by Plaintiffs.\u201d<\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>The filing also suggests that NSO Group operates its spyware, contradicting past claims from the Israeli firm.<\/p>\n<p>\u201cNSO\u2019s customers\u2019 role is minimal. The customer only needed to enter the target device\u2019s number and \u2018press Install, and Pegasus will install the agent on the device remotely without any engagement,\u2019\u201d the filing reads, quoting from information revealed during the discovery process. \u201cIn other words, the customer simply places an order for a target device\u2019s data, and NSO controls every aspect of the data retrieval and delivery process through its design of Pegasus. NSO admits the actual process for installing Pegasus through WhatsApp was \u2018a matter for NSO and the system to take care of, not a matter for customers to operate.\u2019\u201d <\/p>\n<p>Gil Lanier, vice president of global communications for NSO Group, said the company \u201cstands behind its previous statements in which we repeatedly detailed that the system is operated solely by our clients and that neither NSO nor its employees have access to the intelligence gathered by the system.\u201d The emailed statement said that the company is \u201cconfident that these claims, like many others in the past, will be proven wrong in court, and we look forward to the opportunity to do so.\u201d<\/p>\n<p>The five-year-old lawsuit is <a href=\"https:\/\/cyberscoop.com\/spyware-court-cases-nso-group-meta-whatsapp-apple\/\">one of many<\/a> filed in an attempt to use courts to battle spyware companies, and one of the most successful so far.<\/p>\n<p>\u201cThe evidence unveiled [Thursday] shows exactly how NSO\u2019s operations violated U.S. law and launched their cyber-attacks against journalists, human rights activists and civil society,\u201d a WhatsApp spokesperson said via email. \u201cWe are going to continue working to hold NSO accountable and protect our users.\u201d<\/p>\n<p><\/body> <\/p>\n<footer class=\"single-article__footer\">\n<div class=\"author-card\" readability=\"7.7216117216117\">\n<div class=\"author-card__avatar\">\n<figure class=\"author-card__image-wrap\"> <img data-recalc-dims=\"1\" decoding=\"async\" class=\"author-card__image\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/11\/nso-group-used-whatsapp-exploits-after-the-messaging-app-sued-the-spyware-developer-court-filing-says-1.jpg?w=640&ssl=1\" alt=\"Tim Starks\"> <\/figure>\n<\/p><\/div>\n<div class=\"author-card__details\" readability=\"10.901098901099\">\n<h4 class=\"author-card__name\">Written by Tim Starks<\/h4>\n<p> Tim Starks is senior reporter at CyberScoop. His previous stops include working at The Washington Post, POLITICO and Congressional Quarterly. An Evansville, Ind. native, he’s covered cybersecurity since 2003. Email Tim here: <a href=\"mailto:tim.starks@cyberscoop.com\">tim.starks@cyberscoop.com<\/a>. <\/div>\n<\/p><\/div>\n<div class=\"single-article__tags-container\">\n<h4 class=\"single-article__tags-title\">In This Story<\/h4>\n<\/p><\/div>\n<\/footer>\n<p> <\/html><\/div>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"single-article__ads js-single-article-sidebar\">\n<div class=\"ad ad--sidebar js-single-article-sidebar-5 ad--rightrail_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-4 ad--rightrail_2 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-3 ad--rightrail_3 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div><\/div>\n<\/article>\n<div class=\"popular-stories popular-stories--single-post\">\n<div class=\"popular-stories__container\">\n<h2 class=\"popular-stories__title\"> More Scoops <\/h2>\n<p>  <\/div>\n<p>\n<\/div>\n<p> <\/p>\n<section class=\"latest-podcasts\">\n<h2 class=\"latest-podcasts__title\"> Latest Podcasts\t<\/h2>\n<\/section>\n<div class=\"top-categories\">\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Government<\/h3>\n<\/p><\/div>\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Technology<\/h3>\n<\/p><\/div>\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Geopolitics<\/h3>\n<\/p><\/div>\n<\/p><\/div>\n<p> <\/main> <\/p>\n<div class=\"ad ad--bottom \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div id=\"interstitial\" class=\"welcome__container\"> <button id=\"close-modal-1\" class=\"welcome__clickable_area\"><\/button> <\/p>\n<div class=\"welcome__ad_wrapper\">\n<p> <button id=\"close-modal-3\" class=\"welcome__continue-button\">Continue to CyberScoop<\/button> <\/p>\n<\/p><\/div>\n<\/p><\/div>\n<p>   <\/body> <a href=\"https:\/\/cyberscoop.com\/nso-group-used-whatsapp-exploits-after-the-messaging-app-sued-the-spyware-developer-court-filing-says\/\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>NSO Group used WhatsApp exploits after the messaging app sued<\/p>\n","protected":false},"author":11,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[2659,1702,1469,268,482,2345,2294],"tags":[2661,1706,1471,274,484,2348,2303],"class_list":["post-6263","post","type-post","status-publish","format-standard","hentry","category-exploit","category-meta","category-nso-group","category-privacy","category-spyware","category-u-s-courts","category-whatsapp","tag-exploit","tag-meta","tag-nso-group","tag-privacy","tag-spyware","tag-u-s-courts","tag-whatsapp"],"featured_image_urls":{"full":"","thumbnail":"","medium":"","medium_large":"","large":"","1536x1536":"","2048x2048":"","chromenews-featured":"","chromenews-large":"","chromenews-medium":""},"author_info":{"display_name":"Cyber Scoop","author_link":"https:\/\/ddi.mohflo.net\/index.php\/author\/cyberscoop\/"},"category_info":"<a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/exploit\/\" rel=\"category tag\">exploit<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/meta\/\" rel=\"category tag\">Meta<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/nso-group\/\" rel=\"category tag\">NSO Group<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/privacy\/\" rel=\"category tag\">Privacy<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/spyware\/\" rel=\"category tag\">spyware<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/u-s-courts\/\" rel=\"category tag\">U.S. courts<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/whatsapp\/\" rel=\"category tag\">WhatsApp<\/a>","tag_info":"WhatsApp","comment_count":"0","jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/6263","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/users\/11"}],"replies":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/comments?post=6263"}],"version-history":[{"count":0,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/6263\/revisions"}],"wp:attachment":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/media?parent=6263"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/categories?post=6263"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/tags?post=6263"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}

{"id":6263,"date":"2024-11-15T14:24:07","date_gmt":"2024-11-15T20:24:07","guid":{"rendered":"https:\/\/cyberscoop.com\/?p=82638"},"modified":"2024-11-15T14:24:07","modified_gmt":"2024-11-15T20:24:07","slug":"nso-group-used-whatsapp-exploits-after-the-messaging-app-sued-the-spyware-developer-court-filing-says","status":"publish","type":"post","link":"https:\/\/ddi.mohflo.net\/index.php\/2024\/11\/15\/nso-group-used-whatsapp-exploits-after-the-messaging-app-sued-the-spyware-developer-court-filing-says\/","title":{"rendered":"NSO Group used WhatsApp exploits after the messaging app sued the spyware developer, court filing says"},"content":{"rendered":"