Spyware masquerading as popular chat app WhatsApp has infected thousands of mobile phones, security researchers have discovered.
The virus, dubbed Dark Caracal by the Electronic Frontier Foundation (EFF) and security firm Lookout, has stolen gigabytes of data from Android phones with the infection, reports the BBC.
It's been traced to a Lebanese government building, with the EFF and Lookout saying it bears the hallmarks of being created by a nation, rather than a rogue group of hackers.
The virus poses as a messaging app, including WhatsApp or Signal, and tricks users into installing it on their phones.
"Targets include military personnel, activists, journalists, and lawyers, and the types of stolen data range from call records and audio recordings to documents and photos," said EFF director of cybersecurity Eva Galperin.
"This is a very large, global campaign, focused on mobile devices. Mobile is the future of spying, because phones are full of so much data about a person's day-to-day life."
Google said it's sure the virus can't be downloaded from its online Play store, and said people are probably being tricked into installing it from websites that mimic it.
"Google has identified the apps associated with this actor, none of the apps were on the Google Play Store," it said in a statement.
"Google Play Protect has been updated to protect user devices from these apps and is in the process of removing them from all affected devices."
It's believed the malware has been operating since 2012.
"It is always hard to prove that a nation state is involved," Prof Alan Woodward, a cybersecurity expert, told the BBC.
"During the Cold War, countries made use of mercenaries and that's what we are seeing online now."