WhatsApp is suing an Israeli surveillance company for a cyber attack targeting 1,400 users earlier this year.
The Facebook owned messaging app is seeking undisclosed damages from the NSO Group for using its services to spy on users in April, according to a suit filed in the Northern District of California court on Tuesday.
It alleges that NSO employees created WhatsApp accounts to send malicious software to lawyers, journalists, human rights activists, political dissidents, diplomats and senior foreign government officials. The malware was injected by initiating a WhatsApp call which the targets did not need to answer for their phones to become infected.
The hacking tool, dubbed "Pegasus" could remotely retrieve calls, messages, and location on smartphones running Android, iOS, and BlackBerry operating systems.
NSO Group is reported to have several government contracts around the world for surveillance tools and Pegasus is its most popular products.
It responded to the suit claiming that "in the strongest possible terms" it denied the allegations and would "vigorously fight them". It said its sole purpose was to fight terrorism and serious crime on behalf of intelligence and law enforcement agencies.
A spokesman said: "The truth is that strongly encrypted platforms are often used by pedophile rings, drug kinpins and terrorists to shield their criminal activity. Wiithout sophisticated technologies, the law enforcement agencies meant to keep us all safe face insurmountable hurdles. NSO's technologies provide proportionate, lawful solutions to this issue."
In May, engineers conducting routine security checks noticed the malware in circulation and WhatsApp urged its 1.5bn users to update the app to ensure they were using a safer version. It did not say at the time how many, or whom, had been affected but announced that a "select number" of users had been victims. The bug affected all but the latest version of the app on iOS and Android.
WhatsApp numbers implicated included country codes from several countries including Bahrain, the United Arab Emirates and Mexico, Facebook said.
Facebook's lawyers will argue that NSO Group broke WhatsApp's terms of service and broke the Computer Fraud and Abuse Act.
In May, the Financial Times reported that a UK-based human rights lawyer had been targeted, along with Amnesty International. At the time, NSO Group’s spokesman said it was investigating but that it "would not, or could not" use its own software to target an individual or organisation.
NSO, which has used several different names to avoid scrutiny, was founded in Israel in 2010. It opened a marketing headquarters in the US and in 2014, San Francisco Partners, a Silicon Valley-based investment company invested an undisclosed sum into the startup. It sold its controlling stake to Novalpina, a London-based equity company in February.