The US’s biggest social-networking firm won its case in December following a ruling that the spyware company used its tool, Pegasus, to target "over a thousand" WhatsApp users.
However, on Tuesday (06.05.25), a jury in California agreed that NSO needed to hand over $444,719 in compensatory damages, as well as $167.3m in punitive damages to Meta.
Meta - which is seeking to secure a court order to stop NSO "from ever targeting WhatsApp again" - said the jury's decision is a "critical deterrent to this malicious industry against their illegal acts aimed at American companies and our users worldwide".
The trial also pointed out that WhatsApp "was far from NSO's only target" - as Pegasus has had "many other spyware installation methods to exploit other companies’ technologies to manipulate people’s devices into downloading malicious code and compromising their phones".
NSO was "forced to admit" that it splashes out "tens of millions of dollars annually" to "develop malware installation methods" on messaging services, browsers and operating systems - with Apple iOS- and Google Android-powered devices being capable of being compromised "to this day".
In a statement published on its website, Meta said: "Given how much information people access on their devices, including through private end-to-end encrypted apps like WhatsApp, Signal and others, we will continue going after spyware vendors indiscriminately targeting people around the world.
"These malicious technologies are a threat to the entire ecosystem and it’ll take all of us to defend against it.
"Today’s ruling shows spyware companies that their illegal actions against American technologies will not be tolerated.
"In this specific case, we know we have a long road ahead to collect awarded damages from NSO and we plan to do so.
"Ultimately, we would like to make a donation to digital rights organisations that are working to defend people against such attacks around the world. Our next step is to secure a court order to prevent NSO from ever targeting WhatsApp again.
"As always, we encourage security researchers to report security bugs through our Bug Bounty program so we can work together to quickly resolve them and protect our users."