WhatsApp Lawsuit Reveals Over 1,400 Pegasus Spyware Infections

Sophia Taylor

By Sophia Taylor

Published:

Newly released court documents shed light on the controversial operations of Israeli spyware maker NSO Group and its Pegasus spyware, which has been linked to serious cybersecurity concerns for years.

The revelations come from a lawsuit filed by WhatsApp in 2019, accusing NSO Group of using the messaging platform to distribute spyware to over 1,400 mobile devices.

Exploiting WhatsApp’s Security

The documents reveal how NSO exploited vulnerabilities in WhatsApp to install its spyware on targeted devices. Pegasus is a powerful tool that allows attackers to access messages, passwords, and even track the location of victims—all without the user’s knowledge.

Unlike typical malware, Pegasus employs “zero-click” exploits, meaning it can infect a device without any action from the victim, such as clicking a malicious link.

WhatsApp alleges that NSO reverse-engineered its systems and created tools like the WhatsApp Installation Server (WIS) to impersonate legitimate client apps and send malicious data to targets.

Even after WhatsApp blocked these exploits in 2018, NSO developed new methods, such as tools called “Eden” and “Erised,” to bypass updated security measures.

Who Was Targeted?

The victims of Pegasus spyware include journalists, human rights activists, political dissidents, and foreign diplomats.

The spyware has been linked to surveillance abuses by authoritarian regimes, despite NSO Group’s claims that it only sells the software to governments for legitimate purposes like fighting crime and terrorism. A 2021 leak showed that NSO customers had targeted over 50,000 phone numbers globally.

One particularly concerning example involves Dubai’s Princess Haya, who fled the UAE in 2019. Pegasus was reportedly used to spy on her and other members of her family.

NSO’s Role Under Scrutiny

Despite its claims of being a mere vendor, the court filings suggest NSO played a more direct role in Pegasus operations than previously acknowledged.

WhatsApp’s lawyers allege the company handled much of the spyware deployment itself, leaving minimal involvement for its government clients. The filings describe Pegasus as “turnkey” spyware—clients only needed to input a phone number, and NSO’s systems would handle the rest, including data retrieval.

In fact, WhatsApp alleges NSO cut off several clients for excessive abuse of the spyware, further suggesting that NSO maintained operational oversight.

A Growing Global Concern

Pegasus spyware has drawn international condemnation for its role in violating privacy and enabling government overreach.

The U.S. blacklisted NSO Group in 2021, restricting its ability to operate or conduct business with U.S. entities. Meanwhile, lawsuits from companies like WhatsApp and Apple aim to hold NSO accountable for its actions.

The revelations underscore the broader dangers of commercial spyware. As the market for these tools grows, so does the potential for abuse. For consumers, the story is a reminder of the vulnerabilities in even trusted apps and the importance of ongoing vigilance in cybersecurity.