Leaked Docs Show Spyware Firm Offering iOS, Android Hacking Services for $8 Million

Leaked documents appear to show a little-known spyware company offering services that include Android and iOS device exploits for €8 million (roughly $8 million).

Exploit brokers and mercenary spyware providers have been in the spotlight recently, mainly due to revelations surrounding the use of the controversial Pegasus solution of Israeli company NSO Group.

One of NSO’s fairly new competitors is Intellexa, a company founded by Israeli entrepreneur Tal Dilian. The company claims on its website that it’s offering technologies that empower law enforcement and intelligence agencies to ‘help protect communities’. The company says it’s based in the EU and regulated, with six sites and R&D labs in Europe.

Vx-underground, which provides malware source code and other cybersecurity resources, posted some screenshots on Twitter on Wednesday showing several documents apparently representing a commercial proposal from Intellexa.

The documents, labeled as proprietary and confidential, describe services for remote data extraction from Android and iOS devices. Specifically, the offering is for remote, one-click browser-based exploits that allow users to inject a payload into Android or iOS mobile devices. The brief description suggests that the victim has to click on a link for the exploit to be delivered.

Intellexa spyware offer

The offer includes 10 concurrent infections for iOS and Android devices, as well as a “magazine of 100 successful infections”. The leaked documents also show a partial list of Android devices against which an attack would supposedly work.

The documents say the exploits should work on iOS 15.4.1 and the latest Android 12 update.

Apple released iOS 15.4.1 in March, which suggests that the offer is fairly recent. Three security updates have been released since for the mobile operating system. This means Apple may have patched one or more of the zero-day vulnerabilities used by the Intellexa iOS exploit, but it’s also possible for the exploits offered by these types of companies to remain unpatched for a long time.

While some have described the $8 million as the price of an iOS exploit, the customer would actually get much more for the price. The offer is for an entire platform that includes capabilities to analyze the data extracted by the exploits, as well as a 12-month warranty.

The documents are not dated, but vx-underground said the screenshots were posted on the Russian-language hacker forum XSS on July 14.

While there is a lot of technical information available on the exploits offered by spyware companies, not much is known about what they charge customers. The New York Times reported in 2016 that the NSO Group had charged customers $500,000 to install its software and $650,000 to hack 10 devices. India’s Economic Times reported in 2019 that a Pegasus license cost roughly $7-8 million per year.

It’s also known that exploit brokers are prepared to pay as much as $2 million for full chain Android and iOS exploits that do not require any user interaction.

Intellexa was mentioned last year in a Citizen Lab report on Cytrox’s Predator iPhone spyware being used to target a Greek lawmaker. Citizen Lab said Cytrox was part of the Intellexa Alliance, which it described as “a marketing label for a range of mercenary surveillance vendors that emerged in 2019”.

SecurityWeek has reached out to Intellexa, Apple and Google for comment.

Apple filed a lawsuit last year against NSO Group in an effort to ban the company from using its software, services or devices.

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
