In a significant development, WhatsApp emerged victorious against NSO Group on May 6, with a jury ordering the notorious spyware manufacturer to pay over $167 million in damages to the Meta-owned company.

This verdict marked the culmination of a protracted legal battle, which commenced in October 2019 when WhatsApp accused NSO Group of exploiting a vulnerability in its audio-calling feature to hack over 1,400 of its users.

The verdict was delivered after a week-long jury trial, featuring testimonies from prominent figures, including NSO Group’s CEO Yaron Shohat and WhatsApp employees who investigated the incident.

Prior to the trial, the case had already led to several significant revelations, including NSO Group’s admission of discontinuing services to 10 government customers due to the misuse of its Pegasus spyware. Additionally, the locations of 1,223 spyware victims and the names of three NSO Group customers – Mexico, Saudi Arabia, and Uzbekistan – were disclosed.

TechCrunch thoroughly examined over 1,000 pages of court transcripts, highlighting the most intriguing facts and revelations below.

New Testimony Reveals How the WhatsApp Attack Worked

According to WhatsApp’s lawyer, Antonio Perez, the zero-click attack, which required no interaction from the target, involved placing a fake WhatsApp phone call to the target. NSO Group had developed a specialized server, dubbed the “WhatsApp Installation Server,” designed to send malicious messages across WhatsApp’s infrastructure, mimicking real messages.

Perez explained that upon receiving these messages, the user’s phone would establish a connection with a third server to download the Pegasus spyware, requiring only the phone number to initiate the process.

Tamir Gazneli, NSO Group’s research and development vice president, testified that achieving any zero-click solution is a significant milestone for Pegasus.

NSO Admitted to Continuously Targeting WhatsApp Users After the Lawsuit Was Filed

Following the spyware attack, WhatsApp filed a lawsuit against NSO Group in November 2019. Despite the ongoing legal challenge, NSO Group continued to target WhatsApp users, as revealed by Gazneli.

Gazneli disclosed that “Erised,” a version of the WhatsApp zero-click vector, was in use from late 2019 to May 2020, along with two other versions, “Eden” and “Heaven,” collectively known as “Hummingbird.”

NSO Confirms Targeting an American Phone Number as a Test for the FBI

For years, NSO Group claimed its spyware could not be used against American phone numbers. However, in 2022, The New York Times reported that the company did “attack” a U.S. phone as part of a test for the FBI.

NSO Group’s lawyer, Joe Akrotirianakis, confirmed this, stating that the “single exception” to Pegasus not targeting +1 numbers was a specially configured version for demonstration to potential U.S. government customers.

The FBI reportedly chose not to deploy Pegasus following its test.

How NSO’s Government Customers Use Pegasus

NSO’s CEO, Shohat, explained that Pegasus’ user interface for government customers does not provide an option to choose the hacking method or technique, as customers are only concerned with obtaining the necessary intelligence.

The Pegasus system automatically selects the most suitable hacking technology, known as an exploit, to use against targets.

NSO Says It Employs Hundreds of People

Shohat disclosed that NSO Group and its parent company, Q Cyber, have a combined total of 350-380 employees, with around 50 working for Q Cyber.

NSO’s Headquarters Shares the Same Building as Apple

Interestingly, NSO Group’s headquarters in Herzliya, Israel, is located in the same building as Apple, whose iPhone customers are frequently targeted by NSO’s Pegasus spyware. Shohat noted that NSO occupies the top five floors, while Apple occupies the remainder of the 14-floor building.

Shohat mentioned that they share the same elevator when going up.

The fact that NSO Group’s headquarters are openly advertised is noteworthy, especially when compared to other spyware companies like Variston, which was located in a co-working space while claiming a different location on its official website.

Pegasus Spyware Cost European Customers Millions

During the trial, an NSO Group employee revealed that the company charged European customers $7 million, plus an additional $1 million for “covert vectors,” to access its Pegasus spyware between 2018 and 2020.

These costs likely refer to stealthy techniques used to plant the spyware on target phones, such as zero-click exploits, where the victim does not need to interact with a message or click a link to get hacked.

The prices of spyware and zero-days can vary depending on factors such as the customer, the number of concurrent targets, and feature add-ons like zero-click capabilities.

This could explain why a European customer paid $7 million in 2019, while Saudi Arabia reportedly paid $55 million and Mexico paid $61 million over several years.

NSO Describes a Dire State of Finances

During the trial, Shohat addressed questions about the company’s finances, which were partially disclosed in depositions ahead of the trial. These details were raised in connection with determining the amount of damages NSO Group should pay to WhatsApp.

According to Shohat and documents provided by NSO Group, the spyware maker lost $9 million in 2023 and $12 million in 2024. The company had $8.8 million in its bank account as of 2023 and $5.1 million in 2024, with a monthly expenditure of around $10 million, primarily to cover employee salaries.

Q Cyber had approximately $3.2 million in its bank account in both 2023 and 2024.

NSO Group’s research and development unit spent $52 million in expenses in 2023 and $59 million in 2024. Shohat stated that customers pay between $3 million and “ten times that” for access to Pegasus spyware.

Considering these financials, NSO Group hoped to pay minimal or no damages.

Shohat testified, “To be honest, I don’t think we’re able to pay anything. We are struggling to keep our head above water. We’re committing to my [chief financial officer] to prioritize expenses and ensure we have enough money to meet our commitments on a weekly basis.”

Initially published on May 10, 2025, and updated with additional details.