In this enlightening LABScon Replay session, Vitor Ventura, senior security researcher at Cisco Talos, alongside Michael Gentile, delves into the intriguing evolution of Intellexa and Cytrox in the spyware domain.
Mercenary spyware companies need to evolve their spyware capabilities just like software from any other commercial company. This presentation gives an account and timeline of one such mercenary organization, from near bankruptcy to having fully working spyware targeting iOS and Android with a one-click zero-day exploit.
Ventura and Gentile explore the journey of Intellexa, which emerged from the amalgamation of Nexa Technologies, WiSpear, and Cytrox, focusing on Android spyware. The talk sheds light on the critical developments that marked Intellexa’s ascension as a formidable entity in the spyware industry, adept in targeting both iOS and Android platforms.
Ventura and Gentile comprehensively analyze ALIEN/PREDATOR, Intellexa’s flagship spyware suite. Through a combination of code analysis and Open Source Intelligence (OSINT), they chart the evolutionary path of this advanced spyware, revealing its sophisticated capabilities.
The presentation dissects the pivotal moments in the development cycle of the ALIEN/PREDATOR spyware suite, offering the audience valuable insights into spyware research methodologies.
An important part of the talk is dedicated to the technical breakdown of the spyware’s components. The presenters discuss the distinctions and similarities between the ALIEN/PREDATOR suite and the standalone PREDATOR for iOS, providing a clear understanding of the platform-specific nuances.
This session is a recommended watch for those interested in the complexities of spyware development and its broader implications in cybersecurity. Ventura and Gentile impart a thorough understanding of the nuanced world of digital espionage and the dynamic cyber threat landscape.
Vitor Ventura is a Cisco Talos security researcher and manager of the EMEA and Asia Outreach team. As a researcher, he has investigated and published various articles on emerging threats. Vitor has been a speaker at conferences such as VirusBulletin, NorthSec, and Defcon’s Crypto and Privacy Village, among others. Prior to that, he was IBM X-Force IRIS European manager, where he was the lead responder for several high-profile organizations affected by the WannaCry and NotPetya infections.
Mike Gentile is a Senior Security Researcher at Cisco Talos.
This presentation was featured live at LABScon 2023, an immersive 3-day conference bringing together the world’s top cybersecurity minds, hosted by SentinelOne’s research arm, SentinelLabs.