eSurv was an Italian information technology company.
eSurv started as a business unit of Connexxa and became independent as eSurv S.r.l. in 2014. The business unit and the eSurv software and brand were later sold from Connexxa S.r.l. to eSurv S.r.l. on Feb 28, 2016.
eSurv’s flagship product, named Exodus, comprised Android and iOS spyware and its C2 infrastructure.
Weirdly enough, the eSurv Android spyware was deployed inside ~25 apps that were publicly available on the Google Play Store. Those apps may have been downloaded by anyone with an Android smartphone, and some were even disguised as mobile telco assistance apps.
The Android spyware was made of two stages: the dropper, which collected basic identifying information about the device (namely the IMEI code and the phone number), and the payload, which was downloaded once the victim's identity was confirmed and then exploited the DirtyCOW vulnerability to gain root access on the device.[1][2]
The iOS spyware, on the other hand, was less sophisticated: it was hosted on phishing websites and signed through the Apple Developer Enterprise program.[3][4][5]
In 2019, eSurv’s offices were raided by the Italian police on suspicion of illegal wiretapping; those accusations were later dismissed.[6][7]
Following this, eSurv and its parent company Connexxa were liquidated and sold.
In 2024, during the ongoing court process, the prosecutors archived some of the accusations against the company’s administrators.[8]
This company is also listed on WikiSpooks.