Security researchers have identified screenshots of a transaction between an unknown customer and Intellexa, a spyware company, in which the buyer paid €8 million to obtain access to a full-service zero-day remote control execution exploit. The transaction shows the zero-day exploit referred to as Nova Suite to the unknown buyer. The bill is dated July 14, and Nova Suite promises many capabilities and turnkey infections for both Android and iOS devices. The paperwork references an outdate iOS version 15.4.1 from March, however, it is not apparent how many devices are still vulnerable to the exploit.
During the sale Intellexa also allegedly promised that the malware is easily deliverable and only requires one click on behalf of the target. the malware uses the browser to inject the payload onto Android and iOS devices. The purchase price also got the buyer data analysis, a description of 100 other infections, and a one year warranty. The transactions could have serious implications for targets of the malicious software.
Read More: Receipt for €8M iOS Zero-Day Sale Pops Up on Dark Web