Updated FinSpy implants for iOS and Android have been used in nearly 20 countries in the last year, according to Kaspersky.

The discovery by Kaspersky Lab marks at least the fifth zero-day exploit used by the so-called BlackOasis group and exposed by security researchers since June 2015.

A well-funded spy group appears to have recently acquired a highly-sophisticated zero day vulnerability to deploy a remote access trojan, developed by infamous surveillance technology firm FinFisher, against a Russian-speaking "entity."

The Israeli hacking firm best known for the Pegasus mobile malware is looking for a buyer.