Intellexa is a spyware firm based and regulated in Europe. The company has six offices and R&D Labs spread across the EU. It has emerged as the rival of NSO Group, the company behind the infamous Pegasus spyware since, reportedly, the company is offering Android and iOS hacking services for $8 million.
The company, founded by entrepreneur Tal Dilian, claims that it helps intelligence and law enforcement agencies across the globe with its “best-in-class Nebula platform.” Last year, Citizen Lab published a report on Cytrox’s Predator iPhone spyware, in which Intellexa was mentioned. The spyware was used to target a lawmaker in Greece, and reportedly, Cytrox was linked to the Intellexa Alliance.
On August 24th, 2022, malware source code providing platform Vx-Underground came across some undated leaked documents containing details of a proposal by Intellexa to offer remote data extraction from Android and iOS devices in exchange for money. In its tweet followed by leaked documents screenshots, Vx-Underground noted that:
“Leaked Documents Online Show $8,000,000 iOS Remote Code Execution Zero Day Exploit.”
Intellexa’s offer includes ten infections for Android and iOS devices and The Magazine of 100 Successful Infections. The documents are titled Proprietary and Confidential, which revealed that the exploits work on iOS 15.4.1 and Android 12 updates.
It is worth noting that iOS 15.4.1 was released in March 2022, and this offer includes exploits for this version, so Intellexa must have offered this package recently.
So far, Apple has released three security updates since the mobile operating system release, so presumably, the iPhone maker has patched multiple 0-day vulnerabilities possibly exploited by Intellexa. However, it is also possible that the exploits it is offering may remain unpatched.
Researchers say that Intellexa is asking for $8 million for an iOS exploit. The offer is valid for a platform including stolen data analysis and a 12-month warranty.
As per Vx-Underground, although the documents have no date, the screenshots it received were posted on a Russian hacking forum on 14th July 2022.
- Israeli Spyware Vendor Uses Chrome 0day to Target Journalists
- Thousands of firms hit by Beapy malware using NSA hacking tools
- Amnesty Intl. accuses Indian cyber security firm of spyware attacks
- Novel Confucius Android spyware hits military, nuclear entities in Pakistan
- Musk confirms Russian hacker tried hiring Tesla worker for malware attack