Quick Hits

Receipt for €8M iOS Zero-Day Sale Pops Up on Dark Web

Documents appear to show that Israeli spyware company Intellexa sold a full suite of services around a zero-day affecting both Android and iOS ecosystems.

Last month, an unknown customer appears to have shelled out around €8 million for a full-service zero-day remote control execution (RCE) exploit. 

Screenshots shared of the zero-day exploit bill of sale are dated July 14 and show that Intellexa, a spyware company, sold a product it called Nova Suite to an unknown buyer. It promised turnkey infections for Android, as well as iOS devices. The paperwork references iOS version 15.4.1 from March, but it's unclear how many devices remain vulnerable. 

Intellexa also promised the malware is delivered with just one click and uses the browser to inject the Android and iOS payload to mobile devices. The purchase price also includes data analysis, a "magazine" of 100 other infections, and even a full year's warranty.