Facebook Secretly Tried To Buy Pegasus Spyware From NSO Group to Monitor Apple Users

NSO Group CEO Shalev Hulio declared in a lawsuit document that social media giant Facebook attempted to buy the Pegasus spyware from NSO Group in 2017.

Facebook filed a lawsuit against the NSO group in the U.S district count in northern direct of California for hacking its WhatsApp messenger. As it was reported that, around 121 WhatsApp users in India were also targeted as a chain of the attack. However, the hackers were capable of breaching 20 users out of the 121 targets strongly.

As per the court filing in which, NSO Group CEO states that “Facebook was concerned that its process for collecting user data via Onavo Protect was less useful on Apple devices than on Android devices.” Not only this,

During the time, Facebook was in an initial stage of deploying the VPN Product called Onavo Protect that helps Facebook to analyze the user’s traffic and their activities and send them through the VPN.

Shalev Hulio also stated that ” Facebook proposed to pay NSO a monthly fee for each Onavo Protect user. Facebook is a private entity and not a sovereign government or government agency for national security and law enforcement purposes and therefore does not meet NSO’s customer criteria and NSO group declined the sale”

But a Facebook spokesperson also declared in a statement that the NSO CEO is misleading communications within the company and Facebook workers.

Moreover, the spokesperson also stated that “NSO is attempting to distract from the actions that Facebook and WhatsApp recorded in court over six months ago. Their effort to evade duty involves incorrect descriptions about both their spyware and a conversation with people who work at Facebook”. 

Our lawsuit explains how NSO is accountable for attacking over 100 human rights activists and journalists throughout the world”. However, those being attacked just require to tap on a “seemingly harmless link” received by message, and that lets the spyware jailbreak the user’s device and install malware to monitor and steal data from it. 

Well, these data are traded to the person (or organization) who implemented the link, and in maximum cases, it is sensitive data. Thus, data obtained from target devices comprises all messages, log-in information, photos, and data covering the complete history of the phone’s location.

NSO has said that it trades Pegasus only to intelligence and law enforcement agency clients. Last year Apple pressured Facebook to eliminate Onavo Protect from the App Store. Thus, Facebook has also condemned Apple’s operating system for the hacking of Amazon Founder and CEO Jeff Bezos’s phone.

Analysts believe that Bezos’s iPhone was hacked after he got a 4.4MB video file carrying malware by WhatsApp. Similarly, when phones of 1,400 picked people, including journalists and human rights activists, were separated into by Pegasus software from NSO Group last year, as we stated above.

Thus, in an interview with the BBC, Facebook’s Vice President of Global Affairs and Communications, Nick Clegg, has announced it wasn’t WhatsApp’s responsibility because end-to-end encryption is unhackable and criticized Apple’s operating system for Bezos’ incident.

So, what do you think bout this? Simply share all your views and thoughts in the comment section below.

Also Read: 10 Different Types of Dangerous Malware Attack and How to Avoid them

Tushar Subhra Dutta

Tushar is a Cyber security content editor with a passion for creating captivating and informative content. With years of experience under his belt in Cyber Security, he is covering Cyber Security News, technology and other news.

Recent Posts

CrowdStrike Releases Fix for Updates Causing Windows to Enter BSOD Loop

CrowdStrike has issued a fix for a problematic update that caused numerous Windows systems to…

9 hours ago

Beware of Free VPNs that Install Malicious Botnets

Virtual Private Networks (VPNs) have become essential tools for internet users. However, the allure of…

12 hours ago

HPE Critical 3PAR Processor Flaw Let Remote Attackers Bypass Authentication

Hewlett Packard Enterprise (HPE) has addressed a critical vulnerability in its 3PAR Service Processor software…

15 hours ago

Chrome Security Update: Patch for Multiple Flaws that Leads to Remote Code Execution

Google has announced the release of Chrome 126, a critical security update that addresses 10…

17 hours ago

CrowdStrike Update Pushing Windows Machines Into a BSOD Loop

A recent update to the CrowdStrike Falcon sensor is causing major issues for Windows users…

18 hours ago

Oracle WebLogic Server Vulnerability Allows Complete Server Take Over

A critical vulnerability identified as CVE-2024-21181 has been discovered in the Oracle WebLogic Server, posing…

18 hours ago