An Italian company's hacking tools were used to spy on Apple and Android phones in Italy and Kazakhstan, Alphabet Inc.'s Google said in a report on Thursday.
The report said that Italian law enforcement agencies have developed tools to spy on private messages and contacts of targeted devices, which are claimed by Milan-based RCS Lab.
European and American regulators are considering new rules regarding the sale and import of spyware.
These vendors are enabling a proliferation of dangerous hacking tools and arming governments that would not be able to develop these capabilities in-house, according to Google.
The governments of Italy and Kazakhstan didn't respond immediately to requests for comment. An Apple spokeswoman said that the company had revoked all of the known accounts and certificates associated with the hacking campaign.
RCS Lab said its products and services comply with European rules and help law enforcement agencies investigate crimes.
RCS Lab personnel are not exposed, nor are they involved in any activities carried out by the relevant customers, it said in an email that it condemned any abuse of its products.
Google has taken measures to protect users of its Android operating system and alerted them about the spyware.
The global industry making spyware for governments has been growing, with more companies developing interception tools for law enforcement. Anti-surveillance activists accuse them of aiding governments that in some cases use such tools to crack down on human rights and civil rights.
The Israeli surveillance firm NSO's Pegasus spyware was found to have been used by multiple governments to spy on journalists, activists and dissidents in recent years, which brought up a global spotlight on the industry.
Bill Marczak, a security researcher with Citizen Lab, said that the tool of RCS Lab may not be as stealthy as Pegasus, but it can still read messages and view passwords.
He added that this shows that even though these devices are ubiquitous, there is still a long way to go in securing them against these powerful attacks.
On its website, RCS Lab describes itself as a maker of lawful interception technologies and services, including voice, data collection and tracking systems. It handles 10,000 intercepted targets daily in Europe.
Google researchers found that RCS Lab had previously collaborated with the defunct Italian spy firm Hacking Team, which had created surveillance software for foreign governments to tap into phones and computers.
The hacking team went bust after it was a victim of a major hack in 2015 that led to a disclosure of numerous internal documents.
In some cases, Google said that hackers using RCS spyware worked with the target's internet service provider, which suggests they have ties to government-backed actors, said Billy Leonard, senior researcher at Google.