SOCRadar® Cyber Intelligence Inc. | Spyware Firm Sold Android and iOS RCE Exploit for €8 Million


Sep 01, 2022
2 Mins Read

Spyware Firm Sold Android and iOS RCE Exploit for €8 Million

Intellexa, a spyware firm that originated in Greece, has entered the market recently. Its work is similar to Pegasus Spyware and offers RCE exploits for iOS and Android OS.

In November 2019, Cyprus authorities detained an Intellexa surveillance van with hacking tools that could track and hack any smartphone. The event brought the firm to public attention. 

Intellexa was also mentioned in a Citizen Lab report from 2021 about Pegasus and Cytrox Spyware, which stated that Cytrox Spyware is a part of the “Intellexa alliance.” 

Tal Dilian, the founder of Intellexa, claims that their work benefits law enforcement organizations, and their Nebula platform is to thank for this. Intellexa’s Nebula is an intelligence platform that is driven by data. It enables quicker research and easier data management. 

Record of a Purchase Was Leaked 

On Twitter, Vx-Underground posted screenshots of documents discovered on a Russian leak forum. The documents contained a bid from Intellexa, which appeared to be selling a zero-day remote data extraction exploit for €8,000,000.

(Source: Twitter

Even though the documents’ original dates are unknown, the screenshots Vx-Underground acquired from the leak forum were posted on July 14, 2022. 

What is the Scope of This Incident? 

The documents show that Intellexa offers ten infections for iOS and Android devices and the “100 successful infections” magazine. The exploits are revealed to work on iOS 15.4.1 and Android 12 upgrades in the docs with the title Proprietary and Confidential. 

According to researchers, Intellexa demands €8 million for an iOS hack. The price tag is reasonable, given that the platform includes stolen data analysis and a 12-month guarantee in their offer.

A page from the leaked Intellexa document

Apple has released three security upgrades; therefore, it is likely that they have fixed numerous zero-day vulnerabilities that Intellexa may have exploited. It is also possible that the exploits it is selling could continue to be unpatched.