Threat Actor: Unknown | unknown
Victim: Android Users | Android Users
Price: $800,000
Exfiltrated Data Type: Sensitive personal information
Key Points :
- A powerful zero-day exploit targeting Android devices is being sold.
- The exploit allows remote code execution (RCE) via MMS without user interaction.
- Affects Android versions 11, 12, 13, and 14, posing a threat across various devices.
- The threat actor claims the exploit provides full control over targeted devices.
- Potential buyers can contact the actor via Telegram for more details and proof of concept.
- If real, the exploit could allow attackers to access sensitive information unnoticed by users.
A threat actor has claimed to be selling a powerful zero-day exploit targeting Android devices, with the exploit allegedly capable of remote code execution (RCE) via MMS. According to the actor, the exploit is a “ZeroClick” attack, meaning no user interaction is required for the attacker to gain control over the device.
The exploit allegedly affects Android versions 11, 12, 13, and the recently released Android 14, making it a threat across a wide range of phones, regardless of brand or model. The actor claims the exploit chain provides full control over the targeted devices and is selling the framework for $800,000.
Potential buyers are asked to contact the threat actor via Telegram, where more details and proof of concept (PoC) can be shared. The exploit, if real, could be devastating, allowing attackers to remotely control devices and potentially access sensitive personal information without the user ever realizing they were compromised.
The post Threat Actor Allegedly Selling Zero-Day Android RCE Exploit for $800,000 appeared first on Daily Dark Web.