
Android and IOS 1click 0day Trojan with persistence (IOS 15.5/Android 12)


Status: Closed for further replies.

oDmC3oJrrSuZLhp (rank: CD disc; User; registered 11.07.2022; posts: 18; reactions: 1)
[ENG]
This thread is dedicated to high liquidity government sponsored APTs

I sell complete source stolen by a cyber warfare company, software intended for government use only. Ability to extract and monitor devices remotely, complete persistence on reboot.
The existence of this software has been classified as top secret by the defense ministry of the country that developed it.
It is intended for the exclusive use by governments for the fight against terrorism and offers a very simple graphical interface for investigative activity.
It works on every version of iOS and Android currently existing (iOS 15.5 and Android 12), it covers almost all the devices in circulation.
The software is installed through the simple click of a link by the victim, completely silent, there is no need for any other interaction beyond the link.
The suite also includes the possibility of generating malicious links through own domains (to increase trust towards the victim) and offers a user friendly tool for investigations (that's what it was designed for).

The functions available are the following (not all):
-List of installed apps
-Call log download
-Download Google Chrome history, saved passwords and cookies
-Download contacts
-Download Mail
-Download messages from any messaging application (Facebook Messenger / Instagram / IMO / Signal / Telegram / Whatsapp / Line / WeChat)
-Full filesystem access (also on iOS)
-Call Recording (can also be scheduled when)
-Listening to microphone remotely
-Remote location access
-Remote screenshots
-Multiple data exfiltration modes to safeguard the battery

The software is designed to hop across multiple servers to allow traffic anonymization (the company sells their network) and uses many advanced obfuscation techniques to stay undetected.
Attention: I do not include the company network, so if you want to use this feature you will have to recreate your servers.



Confidential negotiation, price 8 fig, I do not disclose any screenshot or the name of the company that developed it, without proof that you have the liquidity to purchase the software (I can say that it is very close to Q CYBER TECNOLOGY known to the public as NSO).
I am attaching two screenshots to demonstrate the goodness of what I wrote
for questions or purchase send me a message in pm (I don't give interviews, no journalists)

 

Attachments: pic 1.jpg, pic 2.jpg
Please note that this user is banned.
[ENG]
Dear Exploit im Admin and Staff
I thought that exploit In was a serious forum, I asked to use a 2/3 multisign wallet, given the real power of the tool, with the guarantor but I was DENIED and after agreeing to use only the exploit guarantor. asked to see that the customer had deposited the sum in question on the guarantor's wallet asking for proof of the transaction hash. I did not receive the proof of the deposit in BTC, nor the wallet where the funds were deposited (which usually the escrow should show to both) asking me to simply trust the confirmation of receipt from the guarantor. The required amount was USD 50 million.
What do I think?
They did not have the money to simulate the transaction to show me, the buyer was clearly in agreement with the escrow and in fact immediately after saying that I cannot proceed completely in the dark I asked since it was not possible to show me (I don't know why) the transaction deposited an advance as collateral so that you will not be left with nothing.
Obviously I would have proceeded to the negotiation even if only seeing the hash of the transaction equivalent to $ 50M. I was thus banned from the forum and within minutes also from the exploit.im jabber server.
Think carefully and don't think I'm a scammer just because the guy said so, I'm telling how things went, and this is clearly an attempt to scam me.

What is the delivery method to the victim's phone?
What is the price?
It is a link to send to the victim (custom links can be created if you own a domain); the malware is two-stage, and infection takes about 15 seconds for the first stage and up to a maximum of 3 minutes for the second stage (it is all automated); the price is 50 million dollars.

Do you accept escrow?
Escrow of known standing, possibly using a multisignature wallet.
 
But this is a scam. Already banned on Exploit: https://forum.exploit.in/topic/209271/
above I also explained to you the reason, would you have continued the transaction after asking the guarantor to show me that the money was actually deposited and he replied "it is not possible"?
I did not ask to send me 50 million in advance but only to show me the transaction hash where the buyer deposited in the guarantor's wallet.
 
Please note that this user is banned.
Make a deposit on the forum from 1 million dollars :)
 
i am the seller not the buyer why should i make a deposit? If I had millions of euros to deposit, I wouldn't be here selling what I stole. however i accept escrow for sale and if you don't believe what i say you can ask the exploit admin if it is true they refused to show me the hash of the 50 million deposit.
 
Please note that this user is banned.
That's the thing, you're the seller, not the buyer, and you're the one who has to make the deposit. Those are the rules of the forum. If you don't agree with them, then leave the forum. All the same, sooner or later a moderator will come to your topic and close your topic because you have no deposit.
 
This is big if true, but oDmC3oJrrSuZLhp do you really think someone is gonna put 50 million $ in an escrow without testing the product / having proofs of its legitimacy?
 
do you think that I have not given evidence on the actual functioning before asking to request the guarantor? I have given all the necessary evidence of legitimacy.
the negotiation did not take place on exploit.in because the guarantor and also the buyer refused to show proof that the sum had been deposited to the guarantor

I think you have not read the thread: I ACCEPT the guarantor, but when the guarantor or the buyer say that they have deposited the money, they must show the transaction hash or the wallet to which it was deposited. Am I wrong?
Just ban him here too already, for refusing the guarantor

"The deadline for making a deposit is not regulated; it is at the user's discretion."
From FAQ

If you tell me where it says that a seller MUST have a deposit on the site in order to sell, I will make the necessary deposit
 
Please note that this user is banned.

This is from Exploit. I paste the exact post of the person who has asked there:

Refused the guarantor, proposed making a prepayment to him personally.

<4JWHaYQKdra9KHQ> you transfer part of the funds to the guarantor and part of the funds to me, and I send you all the software. In case the guarantor leaves with all the money, at least I will not be left with nothing. I hope you understand me

No fucking hash whatsoever is mentioned. Everyone can read by himself what happened. Status is set on Exploit, are there no moderators here?
 
Look, I'll tell you my opinion.
If I were a government APT even if I was interested in your product and had the actual amount available I would not trust to conduct such a transaction.
The amount is so high that the temptation for those involved is very high, there we're talking about an amount that can change one's life.

You seller what kind of guarantees can you offer? You don't even have a 500k/1M deposit on forum (Which is required to sell products here)
How can the buyer be protected?

I honestly believe that even the most honest escrow would be tempted once he sees 50.000.000 $ in Crypto deposited in his wallet.
The only hope you can have is to sell it to some North Korea hacker who maybe turns you 50,000,000 funds coming from reported addresses (In that case good luck washing them up / cashing out).

However, I wish you the best for your sale... hoping I won't find you banned in a few days for scam.

P.S. : Don't forget about me if you actually sell it, I would kindly accept 300/400k€ as a gift /s
 
You sell an obscure product for $50 million, and you mention that you stole it from somewhere (lol). I highly doubt your competence. Look at the other sellers, they in turn quietly pour the deposit on the forum, you do not. Again, make a deposit of 1 million dollars or more.
if I had millions to deposit I wouldn't be here selling this product. To show you the goodness of the product I am attaching the commercial proposal proposed by the company from which I stole the source dedicated to a counter terrorism unit of a government (not specific which one).
I am also available for Live demonstrations of the product itself for those who have money to buy it, it is no coincidence that I wrote the thread is dedicated to groups sponsored by states (such as North Korea or China)
 

Attachments: 0001.jpg to 0012.jpg (12 images)

for this I have proposed a Multisignature transaction where each of the parties holds a key and it is necessary to use at least 2 out of 3 keys to operate. But despite everything I accepted the transaction without multisignature where the buyer sent the money to the guarantor and I repeat both the buyer and the guarantor refused to prove the deposit (hash of the transaction or wallet on which the buyer would have deposited). Who would continue the negotiation?
Shortly afterwards I found myself banned from the exploit.in forum, what can a person deduce if not that the guarantor and the buyer agreed to make a scam?

I have seen so much technology and tools used by shadows.
I can say that I know all 34 customers Intellexa has sold Nova / Helios to.
I could also start talking about Oz the new name of Pegasus created by NSO (Q CYBER TECNOLOGY).
But I'm not here to divulge top secret information to newspapers or uncover pandora's box.
I'm just here to sell make my money and disappear into the shadows as always.


Seems it was not the issue of showing transaction hash. You asked for advance from the buyer, and said that if guarantor leaves with the fund at least you do not lose all money.
as I wrote above I asked that if the guarantor and the buyer do not want to show me the hash of the transaction or the wallet on which they would have deposited the money to have a part in advance before the deal in order to protect me in case the guarantor had disappeared or the money in question never existed (my fear is that by not showing me the transaction the money for the purchase never existed).
only one message was taken without contextualizing it making me pass as the one rejecting the use of escrow, but what sense would it be to write it on the post knowing clearly that anyone would use it for a similar amount?
I repeat I accept escrow, preferably multisign.
Apparently exploit.in is not as reliable a forum as it seems.

I enclose some slides in Spanish on the simplified architecture of Helios / Nova for those interested in purchasing


as I have previously written several times, I asked for a (partial) prepayment after both the buyer and the escrow refused to show me the hash and wallet of the 50M deposit. Would you have continued the negotiation without seeing proof of deposit? Was I supposed to send the source I own without knowing if the money was received by the escrow or if it actually existed?
it is easy to take a single message and show it to make it appear that I have not accepted the escrow when instead the request for upfront money came only in the face of their lack of transparency (to protect me from the fact that the money did not exist at all).
You have a brain to ask yourself if it's possible that the buyer didn't have 50M.
I'll let you draw the rest of the conclusions for yourself.
I emphasize that it was not even given the opportunity to reply on the exploit forum since they decided to ban both Jabber and the account on the forum for less than 2 minutes.

ask the admin or the staff to publicly show the hash of these 50M deposited to the guarantor if they have actually been deposited, instead of hiring me on assumptions

I remember that until now I have publicly shown documents on the software without holding back (I advise you to read all the thread and confidential documents that I have published) and I am available to provide further evidence and make a transaction via guarantor
 

Attachments: screenshot (1).jpg, screenshot (2).jpg
Please note that this user is banned.
If the guarantor says that deposit was made there is no need for them to show you a hash of the transaction. This is quite fishy also no android bot is worth 50 Million no matter the functionalities.
 
i'm not selling a bot for android but a 1click trojan (installs with just one click from the victim) developed to fight terrorism that has numerous 0day exploits, bypasses sandbox and gets root permissions on practically every mobile device (including apple iphone). If the price seems exaggerated to you, I suggest you read the commercial proposal sent to a government, where the use was limited to the country itself, to a very limited number of users and the price is tens of millions (I sell the complete source). do you just know what a full chain RCE is worth on iOS? Do you know how long it takes to reverse, to bypass the ASLR, do you know how much time spent doing fuzzing? do you know how long to try not to crash the device trying to get stable overflow?

I am sorry that you think that a transaction of this amount does not matter transparency and you were not entitled to see the hash of the transaction but to rely only on the word of the guarantor. Escrows on other sites do not have these problems and from what I have heard for lower amounts even on exploitin they refuse to show hashes for lower transactions. (Don't you think this is strange in this case?) I remind you that with the hash I cannot steal the funds in any way.
 