
A US federal judge has permanently banned Israeli spyware vendor NSO Group from accessing or targeting Meta's WhatsApp platform.
Although the ruling marks a significant victory for digital privacy, it also dramatically reduced the damages Meta was originally awarded in its landmark lawsuit against the surveillance firm.
WhatsApp is among the world's most widely used encrypted messaging apps, with over 2 billion users globally. Its reputation as a secure communications tool has made it a repeated target of sophisticated spyware campaigns, including Pegasus, which has been documented in dozens of politically sensitive surveillance operations worldwide.
WhatsApp users shielded
The decision, issued by Judge Phyllis Hamilton of the US District Court for the Northern District of California on October 17, 2025, grants Meta's request for a permanent injunction against NSO Group. It follows a six-year legal battle over NSO's Pegasus spyware, which was deployed in a 2019 campaign that compromised approximately 1,400 WhatsApp users, including journalists, human rights defenders, and diplomats.
Judge Hamilton's 25-page ruling affirms that NSO's Pegasus spyware remains a credible threat to WhatsApp's infrastructure and user privacy, citing evidence that the firm has continued to probe the platform's defenses and develop evasive techniques to bypass them.
While the court upheld WhatsApp's request for an injunction, it substantially reduced the financial penalty. In May, a jury awarded Meta $167 million in punitive damages, on top of $444,719 in compensatory damages. However, citing proportionality rules under federal law, Hamilton capped punitive damages at a 9-to-1 ratio, slashing the total award to just over $4 million. The judge found that while NSO's actions were unlawful, they did not meet the legal threshold for “particularly egregious” misconduct required to sustain the larger award.
The decision stems from Meta's 2019 lawsuit against NSO Group, alleging violations of the Computer Fraud and Abuse Act (CFAA), California's Comprehensive Computer Data Access and Fraud Act (CDAFA), and WhatsApp's own terms of service. The company successfully demonstrated that NSO had weaponized WhatsApp's infrastructure through a system referred to as the WhatsApp Installation Server (WIS), used to silently deliver Pegasus spyware to targeted devices without the victims' knowledge or any user interaction.
Meta's Will Cathcart, head of WhatsApp, applauded the ruling, stating: “Today's ruling bans spyware maker NSO from ever targeting WhatsApp and our global users again. It sets an important precedent that there are serious consequences to attacking an American company.”
NSO Group changing hands
NSO Group, based in Herzliya, Israel, is one of the most prominent vendors in the surveillance-for-hire industry. Its flagship product, Pegasus, has been repeatedly implicated in abuses by authoritarian regimes, despite NSO's claims that it only sells to government agencies for lawful investigations. Pegasus enables full device takeover, allowing operators to activate microphones and cameras, harvest personal data, read messages, and track location, all while remaining nearly invisible to users. It has also been used in so-called “zero-click” attacks, where no interaction is needed from the target to infect a device.
Complicating matters further is the recent announcement that NSO Group has been acquired by a US-based investment group led by Hollywood producer Robert Simonds. The acquisition, confirmed last week, gives American investors controlling ownership of the company, though NSO insists it remains under Israeli regulatory control. As part of the deal, NSO's co-founder and executive chairman, Omri Lavie, will reportedly step down.
Despite the new ownership, John Scott-Railton of the University of Toronto's Citizen Lab, which has extensively investigated Pegasus deployments, expressed concern that the deal could provide a backdoor for NSO's re-entry into US markets, particularly law enforcement.
While the injunction limits NSO's ability to directly target WhatsApp, the broader threat posed by commercial spyware remains. Users, particularly those at higher risk such as activists, journalists, and political figures, are advised to activate ‘Advanced Protection’ on Android and Lockdown mode on iOS, keep their OS and apps updated, enable security-enhancing options, and seek forensic analysis help if they receive suspicious messages.