A jury in California has awarded Meta Platforms more than $167 million (£125m) in damages from Israeli spyware supplier NSO Group for exploiting WhatsApp back in 2019.

Meta Platforms dedicated a webpage to the jury’s decision to force NSO to pay Meta damages, which it said “is a critical deterrent to this malicious industry against their illegal acts aimed at American companies and our users worldwide.”

It comes after Meta Platforms’ WhatsApp in December 2024 won a significant legal ruling against NSO, with a US federal judge in California saying the Israeli firm illegally hacked into WhatsApp’s systems to plant spyware on the phones of some some 1,400 targeted people.

WhatsApp damages

District Judge Phyllis Hamilton in Oakland, California had approved WhatsApp’s motion for summary judgement in the five-year-old case, saying at the time that NSO violated the US Computer Fraud and Abuse Act with its spyware program Pegasus.

And now a jury has ordered NSO to pay $167 million (£125m) in damages.

“Six years ago, we detected and stopped an attack by the notorious spyware developer NSO against WhatsApp and its users, and today, our court case has made history as the first victory against illegal spyware that threatens the safety and privacy of everyone,” said Meta Platforms.

“The jury’s decision to force NSO to pay damages is a critical deterrent to this malicious industry against their illegal acts aimed at American companies and our users worldwide,” it added.

“This trial also revealed that WhatsApp was far from NSO’s only target – this is an industry-wide threat and it’ll take all of us to defend against it,” it said.

And in an unusual step Meta said it would be “publishing (unofficial) transcripts of deposition videos that were shown in open court so that these records are available to researchers and journalists studying these threats and working to protect the public. We intend to add official court transcripts once they become available.”

Pegasus background

It all began in May 2019 when WhatsApp suddenly urged all its users to update their software to fix a vulnerability that was being actively exploited to implant advanced surveillance tools on users’ devices.

In October 2019 Meta’s WhatsApp had filed a lawsuit against the Israeli firm, alleging NSO was behind the cyberattack in May 2019 that had infected devices with advanced surveillance tools (namely the Pegasus spyware).

WhatsApp alleged that had NSO exploited a bug in the messaging app to install spyware. It said the software was used for the surveillance of 1,400 people, including journalists, human rights activists and dissidents.

Apple also filed its own lawsuit against NSO in November 2021.

Global surveillance

But soon the furore surrounding NSO’s Pegasus spyware became even greater when a December 2020 report by Citizen Lab at the University of Toronto alleged that dozens of Al Jazeera journalists had been hacked with the help of Pegasus, by exploiting a vulnerability in the iPhone operating system.

Worse was to come in July 2021, when the Pegasus Project (a collaboration of more than 80 journalists and media organisations) alleged that NSO’s Pegasus had been used “to facilitate human rights violations around the world on a massive scale.”

It allegedly uncovered evidence that revealed that the phone numbers for 14 heads of state, including French President Emmanuel Macron, Pakistan’s Imran Khan and South Africa’s Cyril Ramaphosa, as well as 600 government officials and politicians from 34 countries, had appeared in a leaked database at the heart of the investigative project.

In September 2021 the investigative website Mediapart alleged that traces of Pegasus spyware had even been found on the mobile phones of at least five French cabinet ministers, deepening the diplomatic fallout.

In November 2021 NSO was officially blacklisted by the US Commerce Department when it was placed on the US entity list. Being placed on the Entity List, means that exports to the firm from US companies are restricted.

NSO for its part, always maintained that it sells its Pegasus software to governments and law enforcement agencies for the purpose of tracking down terrorists and other criminals.

But such was the furore, that NSO at one stage explored its strategic options that included shutting its controversial Pegasus unit, or selling the entire division.

Meanwhile during this time Meta’s WhatsApp lawsuit against NSO had continued.

WhatsApp lawsuit

NSO didn’t help its cause in March 2020 when it failed to show up in an American court after efforts were made to serve legal papers against it.

A California court clerk entered a notice of default against the Israeli firm.

NSO responded and asked the US court to sanction Meta for allegedly failing to abide by international law with regards to its lawsuit against the surveillance software maker.

And in November 2021 the 9th US Circuit Court of Appeals in San Francisco rejected a claim by NSO that it was immune from being sued, because it had acted as a foreign government agent when it had installed the Pegasus spyware.

In March 2024 NSO was ordered by a US judge to hand over its code for Pegasus and other spyware products to Meta ‘s WhatsApp, which it refused to do.

Fresh allegation

And this is not the end of the matter.

In February 2025 WhatsApp alleged that dozens of WhatsApp users, including journalists and other members of civil society, were targeted by hacking activity from spyware maker Paragon Solutions.

The messaging platform said at the time it had “high confidence” that some 90 users had been targeted and may have been compromised.

Like NSO, Paragon says it sells only to government customers.