Virtual Event Today: Supply Chain Security Summit - Join Event In-Progress

Security Experts:

Connect with us

Hi, what are you looking for?



Leaked Docs Show Spyware Firm Offering iOS, Android Hacking Services for $8 Million

Leaked documents appear to show a little-known spyware company offering services that include Android and iOS device exploits for €8 million (roughly $8 million).

Leaked documents appear to show a little-known spyware company offering services that include Android and iOS device exploits for €8 million (roughly $8 million).

Exploit brokers and mercenary spyware providers have been in the spotlight recently, mainly due to revelations surrounding the use of the controversial Pegasus solution of Israeli company NSO Group.

One of NSO’s fairly new competitors is Intellexa, a company founded by Israeli entrepreneur Tal Dilian. The company claims on its website that it’s offering technologies that empower law enforcement and intelligence agencies to ‘help protect communities’. The company says it’s based in the EU and regulated, with six sites and R&D labs in Europe.

Vx-undergroud, which provides malware source code and other cybersecurity resources, posted some screenshots on Twitter on Wednesday showing several documents apparently representing a commercial proposal from Intellexa.

The documents, labeled as proprietary and confidential, describe services for remote data extraction from Android and iOS devices. Specifically, the offering is for remote, one-click browser-based exploits that allow users to inject a payload into Android or iOS mobile devices. The brief description suggests that the victim has to click on a link for the exploit to be delivered.

Intellexa spyware offer

The offer includes 10 concurrent infections for iOS and Android devices, as well as a “magazine of 100 successful infections”. The leaked documents also show a partial list of Android devices against which an attack would supposedly work.

The documents say the exploits should work on iOS 15.4.1 and the latest Android 12 update.

Apple released iOS 15.4.1 in March, which suggests that the offer is fairly recent. Three security updates have been released since for the mobile operating system. This means Apple may have patched one or more of the zero-day vulnerabilities used by the Intellexa iOS exploit, but it’s also possible for the exploits offered by these types of companies to remain unpatched for a long time.

While some have described the $8 million as the price of an iOS exploit, the customer would actually get much more for the price. The offer is for an entire platform that includes capabilities to analyze the data extracted by the exploits, as well as a 12-month warranty.

The documents are not dated, but vx-undergroud said the screenshots were posted on the Russian-language hacker forum XSS on July 14.

While there is a lot of technical information available on the exploits offered by spyware companies, not much is known about what they charge customers. The New York Times reported in 2016 that the NSO Group had charged customers $500,000 to install its software and $650,000 to hack 10 devices. India’s Economic Times reported in 2019 that a Pegasus license cost roughly $7-8 million per year.

It’s also known that exploit brokers are prepared to pay as much as $2 million for full chain Android and iOS exploits that do not require any user interaction.

Intellexa was mentioned last year in a Citizen Lab report on Cytrox’s Predator iPhone spyware being used to target a Greek lawmaker. Citizen Lab said Cytrox was part of the Intellexa Alliance, which it described as a “a marketing label for a range of mercenary surveillance vendors that emerged in 2019”.

SecurityWeek has reached out to Intellexa, Apple and Google for comment.

Apple filed a lawsuit last year against NSO Group in an effort to ban the company from using its software, services or devices.

Related: Apple, Android Phones Targeted by Italian Spyware: Google

Related: FBI Confirms It Bought Spyware From Israel’s NSO Group

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this webinar to learn best practices that organizations can use to improve both their resilience to new threats and their response times to incidents.


Join this live webinar as we explore the potential security threats that can arise when third parties are granted access to a sensitive data or systems.


Expert Insights

Related Content


Less than a week after announcing that it would suspended service indefinitely due to a conflict with an (at the time) unnamed security researcher...


WASHINGTON - Cyberattacks are the most serious threat facing the United States, even more so than terrorism, according to American defense experts. Almost half...


No one combatting cybercrime knows everything, but everyone in the battle has some intelligence to contribute to the larger knowledge base.

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...

Application Security

Drupal released updates that resolve four vulnerabilities in Drupal core and three plugins.


Apple has released updates for macOS, iOS and Safari and they all include a WebKit patch for a zero-day vulnerability tracked as CVE-2023-23529.


The FBI dismantled the network of the prolific Hive ransomware gang and seized infrastructure in Los Angeles that was used for the operation.


Websites of German airports, administration bodies and banks were hit by DDoS attacks attributed to Russian hacker group Killnet