Earlier today, WhatsApp caught and disrupted spear phishing activity that it believes stems from NSO Group, the Israeli company known for creating spyware tools and a company that is on the US National Security blacklist. The company is believed to have tried to conduct 1-click social engineering activities in small clusters through text messages, emails, and, of course, the messaging app.
What’s Going On?
To fully understand what is happening, we have to go all the way back to the year 2019, when WhatsApp filed a lawsuit against the NSO Group for exactly what is happening now. Back then, the Meta-owned messaging service filed a lawsuit against the Israeli spy tool maker, accusing them of building a hacking tool called Pegasus, and selling it to the highest bidder.
The tool effectively helped NSO Group to hack into WhatsApp’s servers, severely compromising an estimated 1,400 users at the time, between 29 April and 10 May 2019. What made the situation even more egregious was that many of the targets were reported senior government officials of different nationalities, and all allies of the US. At the time, the list included the UAE, Bahrain, Mexico, and India, among others.
How Bad Was Pegasus?
It was bad. Initially, NSO Group designed Pegasus to be inserted via voice calls. The problem was that once the hacking tool was inside your device, it could steal user data from other accounts and apps that are logged into the infected device.
Once inside, Pegasus was able to access data from accounts that included Apple, Facebook, Microsoft, and Google cloud services. It was a noticeable upgrade over its initial ability to only harvest data directly from the phone’s storage.
What Happened Next?
As we said, WhatsApp’s parent company, Meta, filed a lawsuit against NSO Group in a US Court, asking that the court issue a cease-and-desist order to the Israeli company, and also that the social network be awarded damages.
Meta won the case, with the court ruling that NSO Group pay out more than US$167 million (~RM678 million) in damages, although that was later reduced to a paltry US$4 million (~RM16.26 million). The judge also attached a permanent injunction that banned the spyware maker from targeting WhatsApp and its user base.
Alright, So What Now?
As NSO Group’s actions come less than a year after the injunction and also a blatant violation of it, Meta has asked a US Federal Court to intervene and hold it in comtempt. So far, the latest phishing attempt has targeted less than 10 WhatsApp users, the majority of whom Meta claims were “primarily” in Jordan and Lebanon.
This may not be the only spyware attempt by the NSO Group; earlier in May, Apple issued a spyware warning to iPhone users globally, after an Italian journalist and a Dutch right-wing commentator became targets of the spyware. The source of the attack was unknown, but Apple cited that it had all the hallmarks of Pegasus, given how it said it was able to gain access to data from the targets’ devices.
At the time of writing, NSO Group did not release any comment.
(Source: WhatsApp PR, Engadget)
