Executives of ‘eSurv’ Arrested in Italy Following the Exodus Spyware Case

Written by Bill Toulas
Last updated June 23, 2021

Italy’s information and security agency, “L'Agenzia Informazioni e Sicurezza Esterna”, has arrested the executives of a company named “eSurv”, which is a local expert in surveillance camera systems. As we saw in March 2019, eSurv was doing a lot more in addition to their standard operations, publishing spyware on the Google Play Store after disguising it as apps of local telecom service operators. The spyware was named “Exodus” and it was able to collect data from Android devices and send it to a C&C server belonging to eSurv. The exfiltrated data included WhatsApp logs, Wi-Fi passwords, GPS coordinates, Facebook Messenger conversations, and various other sensitive information.

After the first revelations, an in-depth investigation in Italy followed, unveiling ties with the Italian government and the local law authorities. However, eSurv was engaging in spying operations on their own too, either for product testing purposes or for other secluded reasons. The investigators found that eSurv had gathered 80 terabytes of data from hacked phones of Italian citizens, storing them on an Amazon Web Services server in Oregon, and not using any kind of encryption to protect them. The data included photographs, videos, conversation recordings, private text messages and emails, and various other files of special interest. Nobody knows if hackers accessed this server or not, and the authorities don’t know how many people had the credentials to access the Amazon bucket.

This is a clear case of blatant violation of all laws that underpin people’s privacy rights and far from what eSurv promised to the Italian police, so eSurv’s executives will now have to provide convincing answers in front of justice. eSurv operated a special department which dealt with Exodus called the “Black Team”, while the higher-standing individuals had complete knowledge of the abuse. As the prosecutor claims, the Black Team spied on more than 230 people who hadn’t been defined as surveillance targets by the Italian authorities. eSurv’s internal files name these people “The Volunteers”, and it’s likely that this group of people had no idea about the spyware on their devices.

One thing to keep in mind is that Exodus wasn’t present in the Android apps that were uploaded on the Play Store, thus bypassing Google’s checks. The spyware was fetched at a later stage with the app serving as the gateway, so the users who were exploited never realized what happened. Thus, you should always review the permissions of your newly installed apps, monitor their background activity, and use a mobile security solution. If possible, upgrade to Android 10 which helps users track the activity of all applications when they’re not used directly.

For a better user experience we recommend using a more modern browser. We support the latest version of the following browsers: For a better user experience we recommend using the latest version of the following browsers: