Google Inc. has shut down a newly discovered form of Android spyware linked to an Israeli company that specializes in “cyberwarfare.”

Called “Lipizzan,” the spyware was found to be bundled with 20 apps and is claimed to exfiltrate a user’s email, SMS messages, location, voice calls and media. In a blog post, the Google Android team said that they believe that the spyware and apps were “distributed in a targeted fashion to fewer than 100 devices in total” and that the recently launched Google Play Protect has notified all affected devices and removed the Lipizzan apps.

The spyware was deployed to targets in two stages. The first stage was distributed “through several channels, including Google Play,” with the apps pretending to offer legitimate services. Once installed, the Lipizzan-infected apps downloaded and ran a “license verification” stage which resulted in the Android device being completely compromised.

Spyware and malware are hardly news in 2017, but where Lipizzan gets interesting is that the Android team named Equus Technologies as the author. According to the company’s LinkedIn page, the Israeli firm is “a privately held company specializing in the development of tailor made innovative solutions for law enforcement, intelligence agencies, and national security organizations.”

This isn’t the first time spyware from companies such as Equus Technologies has been discovered. The Google Android team previously detected “Chrysaor,” a similar form of spyware attributed to the somewhat infamous NSO Group. Another Israeli company that specializes in government-level spying, it was linked in February to a spyware campaign used by the Mexican government.

As always, users are advised to practice safe Internet: Don’t download apps outside of the Google Play Store and have antivirus software installed. In addition, Google advises users to ensure they have opted into Google Play Protect.

Image: Etamme/Wikimedia Commons