US Court Orders NSO Group to Hand Over Pegasus Spyware Code to WhatsApp

Mar 02, 2024NewsroomSpyware / Privacy

Pegasus Spyware

A US judge has ordered NSO Group to hand over its source code for Pegasus and other products to Meta as part of the social media giant’s ongoing litigation against an Israeli spyware vendor.

the decision, marking a major legal victory for Meta, which filed a lawsuit in October 2019 for using its infrastructure to distribute spyware to approximately 1,400 mobile devices between April and May. This too included two dozen Indian activists and journalists.

These attacks used a zero-day flaw in the instant messaging app (CVE-2019-3568CVSS score: 9.8), a critical buffer overflow bug to enable voice calls, to deliver Pegasus by simply calling, even in scenarios where calls are not answered.


Additionally, the attack chain includes steps to delete incoming call information from the logs in an attempt to sidestep detection.

Court documents released late last month show that NSO Group was asked to “produce information about the full functionality of the related spyware,” specifically within a year prior to the alleged attack to one year after the alleged attack (ie, from April. 29, 2018, to May 10, 2020).

As such, the company does not need to “provide specific information about the server architecture at this time” because WhatsApp “can obtain the same information from the entire functionality of the alleged spyware.” Perhaps more importantly, it is saved from sharing the identities of its clients.

“While the court’s decision is a positive development, it is disappointing that the NSO Group will be allowed to continue to keep the identity of its clients, who are responsible for this unlawful targeting, a secret,” SAYS Donncha Ó Cearbhaill, head of Amnesty International’s Security Lab.

The NSO Group was sanctioned by the US in 2021 for developing and supplying cyber weapons to foreign governments that “used these tools to maliciously target government officials, journalists, businessmen, activists , academics, and embassy workers.”


The development comes as Recorded Future unveils a new multi-tiered delivery infrastructure related to Predator, a mercenary mobile spyware managed by the Intellexa Alliance.

The infrastructure network is likely to be associated with Predator’s customers, including countries such as Angola, Armenia, Botswana, Egypt, Indonesia, Kazakhstan, Mongolia, Oman, the Philippines, Saudi Arabia, and Trinidad and Tobago. It should be noted that no Predator customers within Botswana and the Philippines have been identified so far.

“Although the Predator operators responded to the public reporting by changing some aspects of their infrastructure, they seem to have continued to have little change in their operating procedures; these include consistent fraud theme and targeting types of organizations, such as news outlets, while following established. infrastructure setups,” the company SAYS.

Did you find this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.

Leave a comment