A little known spyware company, Intellexa, is now competing with Pegasus developer NSO Group, offering its services to hack into Android and iOS devices for a fee of $8 million (around Rs 64 crore). Malware source code provider Vx-underground found documents representing a proposal from Intellexa, offering services that include Android and iOS device exploits.
“Leaked documents online show the purchase (and documentation of) an $8,000,000 iOS Remote Code Execution zero-day exploit," it tweeted.
The offer includes 10 infections for iOS and Android devices, as well as a “magazine of 100 successful infections".
According to Security Week, the documents, “labeled as proprietary and confidential", revealed that the exploits should work on iOS 15.4.1 and the latest Android 12 update.
Apple released iOS 15.4.1 in March, which suggests that the offer is recent.
“Specifically, the offering is for remote, one-click browser-based exploits that allow users to inject a payload into Android or iOS mobile devices," the report mentioned.
Intellexa is based in Europe, with six sites and R&D labs throughout the continent.
“We help law enforcement and intelligence agencies across the world to close the digital gap with multiple and diverse solutions, all integrated with our unique and best-in-class Nebula platform," the company posted on its website.
Last year, a Citizen Lab report mentioned Intellexa, on Cytrox’s predator iPhone spyware being used to target a Greek lawmaker.
Citizen Lab said Cytrox was part of the Intellexa Alliance, described as a “a marketing label for a range of mercenary surveillance vendors that emerged in 2019".
Apple filed a lawsuit last year against NSO Group to ban the company from using its services and devices.
As state-sponsored cyber attacks with government spyware like Pegasus grow, Apple is offering Lockdown Mode this fall with iOS 16, iPadOS 16, and macOS Ventura.
This mode offers specialised additional protection to high-profile users who may be at risk of highly targeted attacks from private companies developing state-sponsored mercenary spyware.
In India, the Pegasus panel said this week that the presence of controversial Israeli spyware Pegasus was not conclusively established in 29 mobile phones examined, and the government did not cooperate in the probe.
The top court-appointed panel said five out of 29 mobile phones were possibly infected with some malware, but that does not mean it was Pegasus spyware.