Go to listing page

Cybercriminal Organizations Offer Record High Reward for Signal App Zero-Days

Cybercriminal Organizations Offer Record High Reward for Signal App Zero-Days
Hackers often earn millions of dollars by working as gray-market exploit brokers. Recently, researchers detailed a bidding war on the multi-million market of zero-day exploits, specifically around the Russia-Ukraine conflict.

The bidding war

  • According to the report, Russia-based OpZero (an offensive cyber-operations organization) is offering upto $1.5 million for Signal messaging app RCE exploits. This is almost triple the amount offered by counterpart American organizations for similar bugs.
  • This skyrocketing price indicates the desperation of the Russian government to gain surveillance capabilities over Ukrainians utilizing the Signal app to communicate.
  • The reasons behind this bidding war include an overwhelming 80% market share of Android in Ukraine and the wide popularity of the Signal app (over 2 million daily active users).

A prolific player

American firm Zerodium is perhaps one of the most public and prolific players in this business of trading zero-day exploits. The average exploit price quoted by Zerodium has increased by 1,240% over 6 years.
  • It offers as much as $2 million for iOS flaws and presents many public offers for exploits in a range of operating systems and applications.
  • Since 2017, it has had a standing offer of up to $500,000 for exploits of Signal and other communication apps such as Telegram, Facebook Messenger, and WhatsApp.

Conclusion

Vulnerabilities and exploits in popular products allow attackers to get remote access to both stored information and information generated in real-time. Public brokers offer cheap pricing, however, private brokers selling to a limited number of vetted participants offer more secrecy at the cost of higher prices.
Cyware Publisher

Publisher

Cyware