■■■■□ Israeli NSO Group fallout.
NSO Group developed a specialized system called the WhatsApp Installation Server (WIS) to deploy its Pegasus spyware. This server sent malformed messages through WhatsApp’s infrastructure, mimicking legitimate traffic. These messages exploited vulnerabilities in WhatsApp’s code, causing target devices to reach out to NSO-controlled servers and install the spyware—all without user interaction.
To achieve this, NSO reverse-engineered WhatsApp, extracting and decompiling its code to craft messages that a standard client couldn’t send. These techniques violated WhatsApp’s Terms of Service and applicable laws.
NSO admitted to developing multiple exploit vectors, including Eden and Erised, which were part of a suite called Hummingbird. Notably, Erised was developed and used even after WhatsApp filed its lawsuit in 2019, continuing until WhatsApp implemented server-side patches in May 2020.
Additionally, NSO leased infrastructure from Amazon Web Services (AWS) starting in December 2018 to support its operations. AWS terminated these services in 2021 after being alerted to their misuse.
This case underscores the sophisticated methods employed by NSO to exploit communication platforms and the challenges in defending against such advanced threats.