Meta, the parent company of Facebook, Instagram, and WhatsApp, said on Monday that it would file a complaint against Israel’s spyware company, NSO Group, for failing to comply with a court order prohibiting the targeting of WhatsApp users.
The complaint accuses the Israeli firm of running a phishing campaign that tricks users into clicking links leading to malicious websites, and of testing its products on WhatsApp accounts and groups.
Meta then calls on the US justice system to hold NSO Group in contempt for violating the court order prohibiting it from targeting WhatsApp users.
“As always, WhatsApp users’ personal messages and calls remain protected with default end-to-end encryption. We encourage people to keep their apps and devices up to date and report suspicious activity so we can quickly investigate and take action,” read the statement by Meta.
NSO Group’s previous legal dispute with Meta ended last year, after a six-year legal battle forced the Israeli company to pay Meta reparations for damages to its users.
The case began in 2019, when Meta “engineers detected and stopped an attack by NSO using its spyware tool Pegasus to target over a thousand WhatsApp users.”
In total, NSO had to pay $167 million in damages and was blacklisted by the United States government as a company engaged in activities dangerous to US national security.
Pegasus exploits a number of vulnerabilities in the software, but mostly so-called “zero-day vulnerabilities.”
These vulnerabilities are called “zero-day” because they are loopholes in the software and operating systems of our devices that have not yet been discovered (hence the “zero-day”) and have not been closed by the companies that produce the equipment or operating systems, such as Android by Google.
The spyware performs an action that, if someone without permission were to activate it, would be considered a criminal act and a violation of the law.
It is “offensive cyber” software; it does not perform defensive actions but rather offensive ones intended to compromise the existing defenses of devices and operating systems.
