Google has pulled three malicious apps from Google Play, one of which exploits a recently patched kernel privilege escalation bug in Android (CVE-2019-2215) to install the app aimed at spying on users. The existence of CVE-2019-2215 was discovered in late 2019 when it was spotted being exploited in the wild. Researchers with Google’s Threat Analysis Group and other external parties believe that the exploit originated with NSO Group, an Israel-based company that specializes in lawful surveillance software and whose Pegasus mobile spyware is abused by oppressive regimes to spy on “enemies”.
Source: Help Net Security
