Facebook's instant messaging service, WhatsApp, has announced that hackers have been able to remotely install surveillance software on phones and other devices by exploiting a vulnerability in the popular application.
Facebook's subsidiary said on May 13 that the malware targeted a "select number" of users and that it was used by "an advanced cyber actor."
It said the spyware was able to penetrate devices through WhatsApp's voice-calling function without any user intervention.
"The attack has all the hallmarks of a private company reportedly that works with governments to deliver spyware that takes over the functions of mobile phone operating systems," WhatsApp said.
The company said the malware was discovered in early May.
It has released a fix and called on its 1.5 billion users to update their apps as an added precaution.
The Financial Times of London identified the producer of the surveillance software as an Israeli security firm called the NSO Group.
In a statement, the NSO Group said its products enable government intelligence and law enforcement agencies to investigate and fight crime and terrorism.
But the London-based rights watchdog Amnesty International said there was mounting evidence that the tool was being used by authoritarian regimes to keep prominent rights activists and journalists under surveillance.
"They're able to infect your phone without you actually taking an action," said Danna Ingleton, deputy program director for Amnesty Tech.
On May 14, a Tel Aviv court will hear a petition led by Amnesty International that calls for Israel's Defense Ministry to revoke the NSO Group's license to export its products.