NSO’s three exploits targeted WhatsApp users
One technique that NSO used to allow its customers to target WhatsApp users, described in one document, was to set up something the company called a “WhatsApp Installation Server,” or WIS, which WhatsApp calls a “fake client.” This was essentially a modified version of the WhatsApp app that NSO developed and used to send messages — including their malicious exploits — to regular WhatsApp users. NSO admitted setting up real WhatsApp accounts for its customers, per one of the court documents.

WhatsApp was able to defeat both NSO’s “Eden” and “Heaven” exploits with patches and security updates, according to an internal NSO communication.