A spyware firm is offering iOS and Android hacking services for $8 million according to leaked documents

By Anusha Sawhney Published on August 25, 2022, 22:33 IST

Exploit brokers and mercenary spyware providers have recently been under scrutiny, owing to revelations about the use of Israeli business NSO Group’s notorious Pegasus solution.

Intellexa, a business created by Israeli entrepreneur Tal Dilian, is one of NSO’s relatively new competitors. According to the company’s website, it provides technologies that enable law enforcement and intelligence organizations to ‘help secure communities.’ The company claims to be established in the EU and regulated, with six European facilities and R&D labs.

On Wednesday, Vx-underground, which sells malware source code and other cybersecurity tools, tweeted some screenshots of multiple documents that appeared to represent a commercial proposition from Intellexa.

The proprietary and confidential docs outline services for remote data extraction from Android and iOS devices. The solution is specifically for remote, one-click browser-based exploits that let users inject a payload into Android or iOS mobile devices. According to the brief explanation, the victim must click on a link for the exploit to be deployed.

The deal includes ten simultaneous infections for iOS and Android devices, as well as a “magazine of 100 successful infections.” The released documents also include a short list of Android devices that would allegedly be vulnerable to an assault.

According to the docs, the exploits should operate on iOS 15.4.1 and the most recent Android 12 release. Apple released iOS 15.4.1 in March, implying that the offer is relatively new. Since then, three security patches for the mobile operating system have been released. This means that while Apple may have patched one or more of the zero-day vulnerabilities used by the Intellexa iOS attack, the exploits given by these types of organizations may remain unpatched for an extended period of time.

While some have referred to the $8 million as the cost of an iOS exploit, the user would actually receive far more for the money. The deal is for a whole platform that includes data analysis capabilities and a 12-month warranty.

The documents are not dated, but the screenshots were posted on the Russian-language hacker site XSS on July 14, according to vx-underground.

While there is a wealth of technical knowledge available on the exploits provided by spyware businesses, little is known about the fees they charge consumers. According to the New York Times, the NSO Group charged customers $500,000 to install its software and $650,000 to infiltrate 10 devices in 2016. According to the Economic Times of India, a Pegasus license costs approximately $7-8 million each year.

It’s also been reported that exploit brokers are willing to pay up to $2 million for full-chain Android and iOS exploits that don’t require any user input.

Intellexa was highlighted in a Citizen Lab investigation last year about Cytrox’s Predator iPhone malware being used to target a Greek legislator. Citizen Lab defined Cytrox as a member of the Intellexa Alliance, which is “a marketing term for a range of mercenary surveillance companies that emerged in 2019.”