eSurv S.r.l.
VAT Number: 03395880796.
Product Names: “Exodus” (unofficial).
Capabilities: Spyware, IP Network Surveillance, Video/Audio Surveillance.
Parent Company: Connexxa S.r.l. (02537760791).
eSurv was an italian information technology company.
eSurv started as a business unit of Connexxa and was leased to eSurv S.r.l in 2014. The business unit and the eSurv software and brand was later sold from Connexxa S.r.l. to eSurv S.r.l. on Feb 28, 2016.
eSurv’s flagship product, unofficially named Exodus, was comprised of a Android & iOS spyware and its C2 infrastructure.
Weirdly enough, the eSurv Android spyware was deployed inside 25 apps that were publicly available on the Google Play Store. Those apps may have been downloaded by anyone with and Android smartphone and some were even disguised as mobile telco assistance ones.
The Android spyware was made of two stages, the dropper that collected basic identifying information about the device (namely the IMEI code and the phone number), and the payload that when downloaded exploited the DirtyCOW vulnerability to gain root access on the device.[1][2]
On the other hand, the iOS spyware was less sophisticated, and hosted on phishing websites and signed through the Apple Developer Enterprise program.[3][4][5]
In 2019, eSurv’s officies were raided by the Italian police on suspicion of illegal wiretapping.[6][7]
Later, eSurv and its parent company Connexxa were liquidated and sold.
This company is also listed on WikiSpooks.