We review vendors based on rigorous testing and research but also take into account your feedback and our affiliate commission with providers. Some providers are owned by our parent company.
Learn more
vpnMentor was established in 2014 to review VPN services and cover privacy-related stories. Today, our team of hundreds of cybersecurity researchers, writers, and editors continues to help readers fight for their online freedom in partnership with Kape Technologies PLC, which also owns the following products: Holiday.com, ExpressVPN, CyberGhost, and Private Internet Access which may be ranked and reviewed on this website. The reviews published on vpnMentor are believed to be accurate as of the date of each article, and written according to our strict reviewing standards that prioritize professional and honest examination of the reviewer, taking into account the technical capabilities and qualities of the product together with its commercial value for users. The rankings and reviews we publish may also take into consideration the common ownership mentioned above, and affiliate commissions we earn for purchases through links on our website. We do not review all VPN providers and information is believed to be accurate as of the date of each article.
Advertising Disclosure

vpnMentor was established in 2014 to review VPN services and cover privacy-related stories. Today, our team of hundreds of cybersecurity researchers, writers, and editors continues to help readers fight for their online freedom in partnership with Kape Technologies PLC, which also owns the following products: Holiday.com, ExpressVPN, CyberGhost, and Private Internet Access which may be ranked and reviewed on this website. The reviews published on vpnMentor are believed to be accurate as of the date of each article, and written according to our strict reviewing standards that prioritize professional and honest examination of the reviewer, taking into account the technical capabilities and qualities of the product together with its commercial value for users. The rankings and reviews we publish may also take into consideration the common ownership mentioned above, and affiliate commissions we earn for purchases through links on our website. We do not review all VPN providers and information is believed to be accurate as of the date of each article.

Israel's NSO Ordered to Pay $167M in WhatsApp Spyware Case

Israel's NSO Ordered to Pay $167M in WhatsApp Spyware Case
Husain Parvez First published on May 09, 2025 Cybersecurity Researcher

A federal jury has ordered NSO Group, the Israeli spyware firm behind Pegasus, to pay over $167 million in damages to WhatsApp for illegally hacking more than 1,400 users. The decision caps a six-year legal battle and marks the largest penalty ever levied against a spyware company.

First reported by TechCrunch, the jury awarded $167,256,000 in punitive and $440,000 in compensatory damages. WhatsApp described the decision as “an important step forward for privacy and security as the first victory against the development and use of illegal spyware that threatens the safety and privacy of everyone.” Meta, WhatsApp’s parent company, said any recovered funds would be donated to digital rights organizations.

The attacks occurred between 2018 and 2020, exploiting a vulnerability in WhatsApp’s voice-calling feature that allowed Pegasus to infect targets’ phones without any user interaction. As we reported last month, the victims included journalists, dissidents, and government officials in more than 20 countries. Although Judge Phyllis Hamilton previously ruled that NSO violated U.S. and California anti-hacking laws, the jury was left to decide the final damages.

“After years of every trick and delay tactic, it only took the jury a day’s deliberation,” Citizen Lab researcher John Scott-Railton told TechCrunch, calling the verdict a historic reckoning for the commercial spyware market. According to The Washington Post, the trial also revealed that NSO used WhatsApp’s own servers to deliver malicious payloads to users, with the jury concluding that the company acted with “oppression, fraud, or malice.”

NSO denied the accusations, claiming Pegasus was never deployed on WhatsApp servers and insisting it only sells its tools to vetted government clients. Nevertheless, Meta argued the spyware continued to evolve even after the lawsuit began — proof, it said, of willful misconduct. “This lawsuit is about publicity,” NSO’s attorney told the jury, dismissing WhatsApp’s motives as PR-driven.

The decision comes amid rising global concern over the unchecked spread of commercial spyware. Late last year, we reported that Pegasus infections were still active on both iOS and Android, according to technical analysis by the iVerify team.

Though NSO says it will appeal the verdict, the ruling — combined with the U.S. government’s prior blacklisting of the company — underscores a shrinking space for surveillance tech firms operating in legal gray zones. For the spyware industry, the message is clear: the era of accountability has begun.

About the Author

Husain Parvez is a Cybersecurity Researcher and News Writer at vpnMentor, focusing on VPN reviews, detailed how-to guides, and hands-on tutorials. Husain is also a part of the vpnMentor Cybersecurity News bulletin and loves covering the latest events in cyberspace and data privacy.

Please, comment on how to improve this article. Your feedback matters!

Leave a comment

This field must contain more than 50 characters

The field content should not exceed 1000 letters

Sorry, links are not allowed in this field!

Name should contain at least 3 letters

The field content should not exceed 80 letters

Sorry, links are not allowed in this field!

Please enter a valid email address