NSO group slapped with $168m penalty for spreading Pegasus Malware

After an intense six-year legal battle, Meta, the parent company of Facebook, has emerged victorious in its fight against the Israeli cybersecurity firm NSO Group, developers of the notorious Pegasus malware. A Californian jury has awarded Meta a hefty $168 million penalty against NSO Group for the malicious targeting of its users, specifically those on WhatsApp and Instagram. This decision comes after a detailed investigation conducted by Meta in collaboration with Citizen Lab, which revealed that the spyware infiltrated over 1,400 users of the WhatsApp messaging platform.

In addition to the $168 million penalty, the court also mandated NSO Group to pay $444,000 in compensation to Meta, which owns both Instagram and the popular video calling platform. This ruling, announced on May 6, 2025, marks a significant victory for privacy advocates and the tech industry as a whole, as it highlights the growing concerns around digital surveillance and the protection of user data.

A Prolonged Legal Battle

Meta’s legal crusade against NSO Group began in October 2019, when the tech giant filed a lawsuit accusing the Israeli firm of developing and deploying malicious software designed to spy on individuals without their consent. The Pegasus malware, created by NSO Group, has been linked to several high-profile cases of digital surveillance, including the hacking of Amazon CEO Jeff Bezos’ phone, which exposed his affair with Lauren Sanchez. The spyware was reportedly sold to various governments and entities, with some cases involving targeted attacks on journalists, human rights activists, and political dissidents.

The case has drawn significant attention due to the nature of the offense—spying on individuals by secretly planting malicious software on their phones. This practice not only violates privacy rights but also poses a serious threat to personal security and digital integrity.

The Role of NSO Group and Pegasus Malware

NSO Group initially marketed Pegasus as a tool for governments to combat terrorism and criminal activity, but it soon became clear that the spyware was being misused for purposes that went far beyond its intended scope. The tool allows hackers to remotely access a target’s phone, steal personal data, track locations, and even activate cameras and microphones without the user’s knowledge. This capability has made Pegasus one of the most dangerous and intrusive forms of digital surveillance.

In one of the most infamous instances, NSO Group reportedly sold the software to a Saudi Prince, who allegedly used it to target Jeff Bezos, the founder of Amazon. The hacking of Bezos’ phone revealed private information, including his extramarital affair, which brought global attention to the misuse of digital surveillance tools.

As part of its legal action, Meta argued that NSO Group’s actions not only violated its users’ privacy but also undermined the security of its platforms. The company accused NSO Group of orchestrating a sophisticated digital attack that compromised WhatsApp’s encrypted messaging service, placing millions of users at risk. Meta’s lawsuit sought to hold the company accountable for its role in facilitating illegal surveillance and to send a strong message about the importance of user privacy and digital rights.

Meta’s Collaboration with Citizen Lab

Meta’s investigation into the matter was carried out in partnership with Citizen Lab, a renowned research group specializing in tracking and exposing digital surveillance activities. The group’s findings were crucial in identifying the scope of the attack and linking the intrusion to NSO Group’s Pegasus malware. Citizen Lab’s research has played a pivotal role in shedding light on how sophisticated cyber-espionage tools are being used to infringe on the privacy of individuals across the globe.

The partnership between Meta and Citizen Lab highlighted the importance of collaboration between technology companies and research organizations in combatting the growing threat of cyber-attacks and protecting user data from malicious actors.

The Legal Precedent and Future Implications

This landmark ruling sends a powerful message to other tech companies and cybersecurity firms that are engaged in similar practices. With the jury’s verdict, Meta has set a precedent for holding digital perpetrators accountable for violating privacy rights and engaging in illegal surveillance activities. Although NSO Group has the option to appeal the decision, the case has drawn attention to the broader issue of privacy and security in the digital age.

As surveillance tools like Pegasus become increasingly sophisticated, the need for stronger regulations and enforcement mechanisms to protect users from unauthorized surveillance becomes more urgent. The Meta-NSO case serves as a reminder of the ongoing battle to safeguard privacy in a world where digital surveillance is a growing threat.

Conclusion

Meta’s victory against NSO Group is a significant win for user privacy and digital rights, highlighting the increasing need for accountability in the tech industry. With the growing threat of cyber-attacks and digital espionage, the case serves as a call to action for both tech companies and governments to work together in protecting the fundamental right to privacy in the digital age. The $168 million penalty and the accompanying compensation send a clear message that privacy violations will not be tolerated, and those responsible for digital surveillance and hacking will face serious legal consequences.