Nascondino: eSurv S.r.l.
VAT number: 03395880796Products: Exodus
Parent Company: Connexxa S.r.l. (02537760791)
Capabilities: Spyware, IP Network Surveillance, Video/Audio Surveillance
eSurv was an Italian information technology company.
eSurv started as a business unit of Connexxa and became independent as eSurv S.r.l in 2014. The business unit and the eSurv software and brand was later sold from Connexxa S.r.l. to eSurv S.r.l. on Feb 28, 2016.
eSurv’s flagship product, named Exodus, was comprised of an Android & iOS spyware and its C2 infrastructure.
Weirdly enough, the eSurv Android spyware was deployed inside ~25 apps that were publicly available on the Google Play Store. Those apps may have been downloaded by anyone with an Android smartphone and some were even disguised as mobile telco assistance ones.
The Android spyware was made of two stages: the dropper that collected basic identifying information about the device (namely the IMEI code and the phone number), and the payload that was downloaded once the victim identity was confirmed, and then exploited the DirtyCOW vulnerability to gain root access on the device.[1][2]
On the other hand, the iOS spyware was less sophisticated, and hosted on phishing websites and signed through the Apple Developer Enterprise program.[3][4][5]
In 2019, eSurv’s offices were raided by the Italian police on suspicion of illegal wiretapping, those accusations were later dismissed.[6][7]
Following this, eSurv and its parent company Connexxa were liquidated and sold.
In 2024, during the ongoing court process, the prosecutors archived some of the accusations againt the company’s administrators.[8]
In November 2024, in the context of the ongoing court process, the Catanzaro Tribunal declared the acts null with respect to three companies that were using the spyware.[9]
This company is also listed on WikiSpooks.