Latest news with #spyware
TechCrunch
3 days ago
- Business
- TechCrunch
NSO Group asks judge for new trial, calling $167 million in damages ‘outrageous'
In May, a jury ruled that spyware maker NSO Group must pay $167 million in damages to WhatsApp for a 2019 hacking campaign that targeted more than 1,400 people. Calling the damages ruling 'outrageous,' 'blatantly unlawful,' and 'unconstitutionally excessive,' NSO Group now wants the judge overseeing the case to reduce the amount, or order a new trial. On Thursday, the company filed a motion for a new trial or a 'remittitur,' which is a procedure that allows a court to reduce an excessive verdict. Contact Us Do you have more information about NSO Group, or other spyware companies? From a non-work device and network, you can contact Lorenzo Franceschi-Bicchierai securely on Signal at +1 917 257 1382, or via Telegram and Keybase @lorenzofb, or Do you have more information about NSO Group, or other spyware companies? From a non-work device and network, you can contact Lorenzo Franceschi-Bicchierai securely on Signal at +1 917 257 1382, or via Telegram and Keybase @lorenzofb, or email . The filing was first reported by legal news outlets Law360 and MLex. In the court filing, NSO Group's lawyers said that the 'outrageous punitive award exceeds the maximum lawful punitive damages award in this case by many orders of magnitude.' The lawyers argued that the amount ordered in punitive damages — the $167 million — violates limits that say the jury should not award damages 'greater than four times compensatory damages,' which were $444,719 in this case. The lawyers also argued that the jury's award is 'unlawful because it reflects the improper desire to bankrupt NSO out of general hostility toward its business activities other than the limited conduct for which punitive damages could be awarded in this case.' WhatsApp spokesperson Margarita Franklin told TechCrunch in a statement that WhatsApp will keep fighting the case. Techcrunch event Save now through June 4 for TechCrunch Sessions: AI Save $300 on your ticket to TC Sessions: AI—and get 50% off a second. Hear from leaders at OpenAI, Anthropic, Khosla Ventures, and more during a full day of expert insights, hands-on workshops, and high-impact networking. These low-rate deals disappear when the doors open on June 5. Exhibit at TechCrunch Sessions: AI Secure your spot at TC Sessions: AI and show 1,200+ decision-makers what you've built — without the big spend. Available through May 9 or while tables last. Berkeley, CA | REGISTER NOW 'For the past six years, NSO has tried to avoid accountability at every turn. This is another expected attempt to claim impunity, in response to a strong message from the jury of U.S. citizens deciding to punish NSO for its 2019 illegal attack against an American company and its users,' said Franklin. 'We'll respond to the court as we continue to pursue a permanent injunction against NSO to prevent this spyware firm from targeting WhatsApp and our users ever again.' NSO Group also said in its court filing that the amount awarded in damages 'grossly exceeds NSO's ability to pay,' and 'reflects an improper desire to punish NSO.' During the trial, NSO Group already argued that it is in dire straits financially.
The Sun
15-05-2025
- The Sun
The five signs your partner is SPYING on you through your phone – it's not just heating up because of the sunshine
A DIGITAL expert has revealed the warning signs that could mean your partner is spying on you through your phone. Marc Porcar, CEO of QR Code Generator, says suspicious activity on your device points to monitoring software that tracks messages calls and even your location. 1 And he warns that modern spyware stays hidden from users while collecting personal data and sending it to third parties. Here's the five signs to look out for that could mean spyware has been installed on your phone without consent. Battery draining fast If you notice the battery no longer lasts a full day without a recharge, and you've been using it as normal, it might be a sign that a spy app is installed on your phone. Marc says: "Spyware will drain your battery because it's continuously running in the background. "These monitoring apps never enter sleep mode and they need to constantly maintain active connections to send data to the remote server." According to the expert, this stealth activity uses significant power and ultimately causes batteries to drain much faster than normal. Unexpected phone heating "Phones become hot when spy applications consume processing resources," Marc said. Instead of cooling down when idle devices with monitoring software installed often remain warm to the touch even when not in use. This overheating happens as the spyware makes the processor work harder than necessary during normal operation. "The temperature increase is in most cases a direct result of unauthorised background processes running on your phone," Marc continued. I married my partner after 90 days & he cheated on me straight away - I didn't realise he had so many red flags Increased data usage Marc pointed out that unusual data consumption can also reveal hidden monitoring. "Check your data usage statistics in your phone settings," he advised. Monitoring apps need to send collected information to their controllers which requires internet connectivity and uses data allowances. "These applications will show up as consuming data in the background sometimes using substantial amounts if they're sending images or recording audio," he said. Many victims first discover spyware when they receive unexpected data limit warnings from their mobile providers. Strange texts or notifications "Watch for text messages containing random characters or codes," Marc also warned. Some basic monitoring apps use SMS commands to control the spyware installed on a device. These might appear briefly before disappearing as the software tries to hide from the user. "If you notice messages that arrive and then vanish or see notifications from apps you don't recognise these warrant immediate investigation," he said. Unusual activity when idle The final warning sign involves strange behavior when the phone should be inactive. "Your screen might light up when you're not using it or you might hear unexpected sounds during calls," Marc said. This happens because some advanced spyware allows remote activation of device functions including microphones and cameras. "These features allow someone to listen to your conversations or view your surroundings without your knowledge – a serious invasion of privacy," he added. Marc recommends performing regular security checks on all devices. "Remove applications you don't recognise run security scans using trusted software and check for apps with suspicious permissions," he said. The digital security expert also noted that it's important to have strong passwords and keeping devices physically secure when you are around people. "Never leave your phone unlocked around someone you don't fully trust, and always have a screen lock", he cautioned. UK law considers unauthorised surveillance of another person's device a criminal offence under the Computer Misuse Act with penalties including imprisonment in serious cases. Marc added that factory resets offer a last resort solution. "If you suspect your device has been compromised and can't resolve the issue yourself, a complete reset will remove most types of spyware," he said.
The Sun
15-05-2025
- The Sun
Five terrifying warning signs you're being spied on through your PHONE – how to check if a partner is snooping
Roisin Chapman, Lifestyle Reporter Published: Invalid Date, IF you suspect your partner has been snooping through your phone, these tell-tale signs may help confirm your suspicions. Tech experts have revealed the indicators to look out for to ensure your smart device is secure. 2 Digital pros have revealed the warning signs that might indicate someone has installed spyware on your phone. Marc Porcar, CEO of QR Code Generator, explained that suspicious activity on your device may point to monitoring software that tracks your messages, calls, and even your location. The expert warned that modern spyware can stay hidden from users while collecting personal data and sending it to third parties. He outlined the top five signs to look out for if you suspect your phone has spyware installed. BATTERY DRAINING FAST If you notice your phone battery no longer lasts a full day without a recharge despite no significant changes in your usage patterns,this could indicate a spy app has been installed on your phone. "Spyware will drain your battery because it's continuously running in the background," Porcar explained. "These monitoring apps never enter sleep mode and they need to constantly maintain active connections to send data to the remote server." According to the expert, this stealth activity uses significant power, ultimately causing your battery to drain much faster than normal. UNEXPECTED PHONE HEATING "Phones become hot when spy applications consume processing resources," Porcor explained. Rather than cooling down when idle, devices with monitoring software installed often remain warm to the touch. WhatsApp is closing down on three mobile devices in hours with users blocked from sending and receiving messages Overheating happens as the spyware makes the processor work harder than necessary during normal operation. "The temperature increase is in most cases a direct result of unauthorised background processes running on your phone," the expert said. INCREASED DATA USAGE Porcar also revealed that unusual data consumption can also reveal hidden monitoring. "Check your data usage statistics in your phone settings," the tech pro advised. Similar to battery consumption, monitoring apps also drain your date as they send collected information to their controllers. This process requires internet connectivity, using your data allowance. "These applications will show up as consuming data in the background, sometimes using substantial amounts if they're sending images or recording audio," Porcar explained. Many people first discover spyware when they receive unexpected data limit warnings from their mobile providers. STRANGE TEXTS OR NOTIFICATIONS "Watch for text messages containing random characters or codes," the tech expert warned. Some basic monitoring apps use SMS commands to control the spyware installed on a device. These might appear briefly before disappearing as the software attempts to go unnoticed by the user. "If you notice messages that arrive and then vanish or see notifications from apps you don't recognise these warrant immediate investigation," he explained. UNUSUAL ACTIVITY WHEN IDLE Another sign that your phone may contain spyware is your device behaving strangely when it should be inactive. "Your screen might light up when you're not using it or you might hear unexpected sounds during calls," Porcar said. According to the pro, this happens because some advanced spyware allows remote activation of device functions including microphones and cameras. "These features allow someone to listen to your conversations or view your surroundings without your knowledge," he added. The expert went on to describe this as "a serious invasion of privacy". To combat this, Porcar recommends performing regular security checks on all devices. "Remove applications you don't recognise, run security scans using trusted software, and check for apps with suspicious permissions," he advised. The digital security expert also noted that it's important to have strong passwords and keep devices physically secure when you are around people. "Never leave your phone unlocked around someone you don't fully trust, and always have a screen lock" he warned. UK law considers unauthorised surveillance of another person's device a criminal offence under the Computer Misuse Act, with penalties including imprisonment in serious cases. Porcar added that factory resets offer a last resort solution. "If you suspect your device has been compromised and can't resolve the issue yourself, a complete reset will remove most types of spyware," he said. 2
TechCrunch
13-05-2025
- Business
- TechCrunch
Seven things we learned from WhatsApp vs. NSO Group spyware lawsuit
On Tuesday, WhatsApp scored a major victory against NSO Group when a jury ordered the infamous spyware maker to pay more than $167 million in damages to the Meta-owned company. The ruling concluded a legal battle spanning more than five years, which started in October 2019 when WhatsApp accused NSO Group of hacking more than 1,400 of its users by taking advantage of a vulnerability in the chat app's audio-calling functionality. The verdict came after a week-long jury trial that featured several testimonies, including NSO Group's CEO Yaron Shohat and WhatsApp employees who responded and investigated the incident. Even before the trial began, the case had unearthed several revelations, including that NSO Group had cut off 10 of its government customers for abusing its Pegasus spyware, the locations of 1,223 of the victims of the spyware campaign, and the names of three of the spyware maker's customers: Mexico, Saudi Arabia, and Uzbekistan. TechCrunch read the transcripts of the trial's hearings and is highlighting the most interesting facts and revelations that came out. We will update this post as we learn more from the cache of more than 1,000 pages. Testimony described how the WhatsApp attack worked The zero-click attack, which means the spyware required no interaction from the target, 'worked by placing a fake WhatsApp phone call to the target,' as WhatsApp's lawyer Antonio Perez said during the trial. The lawyer explained that NSO Group had built what it called the 'WhatsApp Installation Server,' a special machine designed to send malicious messages across WhatsApp's infrastructure mimicking real messages. 'Once received, those messages would trigger the user's phone to reach out to a third server and download the Pegasus spyware. The only thing they needed to make this happen was the phone number,' said Perez. NSO Group's research and development vice president Tamir Gazneli testified that 'any zero-click solution whatsoever is a significant milestone for Pegasus.' NSO Group confirms it targeted an American phone number as a test for the FBI Contact Us Do you have more information about NSO Group, or other spyware companies? From a non-work device and network, you can contact Lorenzo Franceschi-Bicchierai securely on Signal at +1 917 257 1382, or via Telegram and Keybase @lorenzofb, or Do you have more information about NSO Group, or other spyware companies? From a non-work device and network, you can contact Lorenzo Franceschi-Bicchierai securely on Signal at +1 917 257 1382, or via Telegram and Keybase @lorenzofb, or email . For years, NSO Group has claimed that its spyware cannot be used against American phone numbers, meaning any cell number that starts with the +1 country code. In 2022, The New York Times first reported that the company did 'attack' a U.S. phone but it was part of a test for the FBI. NSO Group's lawyer Joe Akrotirianakis confirmed this, saying the 'single exception' to Pegasus not being able to target +1 numbers 'was a specially configured version of Pegasus to be used in demonstration to potential U.S. government customers.' The FBI reportedly chose not to deploy Pegasus following its test. How NSO Group's government customers use Pegasus NSO's CEO Shohat explained that Pegasus' user interface for its government customers does not provide an option to choose which hacking method or technique to use against the targets they are interested in, 'because customers don't care which vector they use, as long as they get the intelligence they need.' In other words, it's the Pegasus system in the backend that picks out which hacking technology, known as an exploit, to use each time the spyware targets an individual. NSO Group's headquarters shares the same building as Apple In a funny coincidence, NSO Group's headquarters in Herzliya, a suburb of Tel Aviv in Israel, is in the same building as Apple, whose iPhone customers are also frequently targeted by NSO's Pegasus spyware. Shohat said NSO occupies the top five floors and Apple occupies the remainder of the 14-floor building. 'We share the same elevator when we go up,' Shohat said during testimony. The fact that NSO Group's headquarters are openly advertised is somewhat interesting on its own. Other companies that develop spyware or zero-days like the Barcelona-based Variston, which shuttered in February, was located in a co-working space while claiming on its official website to be located somewhere else. NSO Group admitted that it kept targeting WhatsApp users after the lawsuit was filed Following the spyware attack, WhatsApp filed its lawsuit against NSO Group in November 2019. Despite the active legal challenge, the spyware maker kept targeting the chat app's users, according to NSO Group's research and development vice president Tamir Gazneli. Gazneli said that 'Erised,' the codename for one of the versions of the WhatsApp zero-click vector, was in use from late-2019 up to May 2020. The other versions were called 'Eden' and 'Heaven,' and the three were collectively known as 'Hummingbird.' NSO says it employs hundreds of people NSO Group's CEO Yaron Shohat disclosed a small but notable detail: NSO Group and its parent company, Q Cyber, have a combined number of employees totalling between 350 and 380. Around 50 of these employees work for Q Cyber. NSO Group describes dire finances During the trial, Shohat answered questions about the company's finances, some of which were disclosed in depositions ahead of the trial. These details were brought up in connection with how much in damages the spyware maker should pay to WhatsApp. According to Shohat and documents provided by NSO Group, the spyware maker lost $9 million in 2023 and $12 million in 2024. The company also revealed it had $8.8 million in its bank account as of 2023, and $5.1 million in the bank as of 2024. Nowadays, the company burns through around $10 million each month, mostly to cover the salaries of its employees. Also, it was revealed that Q Cyber had around $3.2 million in the bank both in 2023 and 2024. During the trial, NSO revealed its research and development unit — responsible for finding vulnerabilities in software and figuring out how to exploit them — made up the majority of a $52 million budget. Shohat also said that NSO Group's customers pay 'somewhere in the range' between $3 million and 'ten times that' for access to its Pegasus spyware. Factoring in these numbers, the spyware maker was hoping to get away with paying little or no damages. 'To be honest, I don't think we're able to pay anything. We are struggling to keep our head above water,' Shohat said during his testimony. 'We're committing to my [chief financial officer] just to prioritize expenses and to make sure that we have enough money to meet our commitments, and obviously on a weekly basis.' First published on May 10, 2025 and updated with additional details.
WIRED
13-05-2025
- WIRED
Google's Advanced Protection for Vulnerable Users Comes to Android
With the rise of mercenary spyware and other targeted threats, tech giants like Apple, Google, and Microsoft have spent the last few years trying to figure out how to protect the digital lives of their most at-risk, vulnerable users around the world. On mobile, the launch of Apple's iOS Lockdown Mode in 2022 was one concerted effort to shed nonessential functionality in favor of maximum security—a tradeoff most users wouldn't want to make, but that could be very worth it for a public figure, activist, journalist, or dissident living under daily scrutiny and threat of attack. For years, Google has offered a program for a similar demographic called 'Advanced Protection' that focuses on adding additional layers of monitoring and security to vulnerable users' Google accounts, a core piece of many people's digital lives that could be devastating if compromised. Now, Google is extending Advanced Protection with a suite of features for Android 16. On Tuesday, the company announced an Advanced Protection mode for phones running the new version Android. At its core, the mode is designed around imposing strong security settings on all apps and services to silo data as much as possible and reduce interactions with unsecured web services and previously unknown, untrusted individuals. Advanced Protection on Android is meant to be as usable and flexible as possible, though, leaning on Google's rapidly expanding on-device AI scanning capabilities to provide monitoring and alerts without having to completely eliminate features. Still, the mode imposes restrictions that can't be turned off, like blocking phones from connecting to historic 2G data networks and disabling Chrome's Javascript optimizer, which could alter or break some web functionality on some sites. 'There are two classes of things that we use to defend the user. One is you obviously harden the system, so you try to lock things down, you prevent many forms of attacks," says Dave Kleidermacher, vice president of engineering at Android's security and privacy division. "But two is you can't always prevent every attack entirely. But if you can detect that you've been compromised you can take some sort of corrective action. In consumer security on mobile this detection has never really been a possibility, so that's one of the big things we've done here." This monitoring and detection capability, known as 'Intrusion Logging,' uses end-to-end encryption to indelibly store logs from your device in the cloud such that they can't be accessed by Google or any party aside from you, but also in a form that can't be deleted or modified, even if your device and Google account are compromised. Courtesy of Google Logging and system monitoring tools are common on laptops and desktops—not to mention in enterprise IT environments—but offering the capabilities for consumers on mobile devices is more unusual. As with any scheme that takes data off a device and puts it in the cloud, the system does introduce some new risks, but Google and Google Cloud Services already run many end-to-end encrypted platforms for users, and Kleidermacher notes that the ability to create indelible logs that can't be manipulated or deleted by a sophisticated attacker is invaluable in addressing targeted attacks. 'The main innovation here is you have an audit log mechanism to detect compromise that is actually resistant to device tampering,' he says. 'It's bringing intrusion detection to the consumer. So if you as a consumer suspect a problem and you're not sure, you can pull the logs down from the cloud. You can share them with a security expert, you can share them with an NGO, and they can use tools for analysis.' Another feature that is on by default and can't be turned off in Advanced Protection is Android's Memory Tagging Extension (MTE). The feature, which debuted for Google's Pixel line and is starting to be adopted in processors on other devices, is a hardware security protection related to how a system manages its memory. If an attacker attempts to exploit a memory vulnerability like a so-called 'buffer overflow," MTE will cause the process to fail, stopping the attack in its tracks. Memory corruption bugs are a common tool used by hackers, so neutering the entire class of vulnerabilities makes it much more difficult to attack a device.
