Citizen Lab has released a report that shows Pegasus, a spy software only sold to governments, may have infected smartphones in Kenya. The software, developed by Israel-based NSO Group, has been used to target journalists and human rights activists around the world.

Citizen Lab, a digital rights watchdog at the University of Toronto’s Munk School of Global Affairs, in their report detailed that the software has been discovered in 45 countries. They apparently used a new scanning technique to identify systems used by governments who have purchased Pegasus. Using the technique, Citizen Lab’s researchers identified 1,091 IP addresses that matched their fingerprint for the spyware. The researchers then clustered the IP addresses into 36 separate operators with traces in 45 countries where government agencies “may have been conducting surveillance operations” between August 2016 and August 2018.

Pegasus is a mobile phone spyware suite that works on Android, iOS and Blackberry. Once installed, it gets access and sends back to the operator a person’s private data, including passwords, contact lists, calendar events, text messages, and live voice calls from mobile messaging apps. The operator can even turn on the phone’s camera and microphone to capture activity in the phone’s vicinity. To activate the software, the target has to click on a link which is sometimes disguised as a message from a source or a breaking news story.

Kenya is listed under an operator code named GRANDLACS who may have infected smartphones in the Safaricom and Simbanet networks. The operator has apparently been active since June 2017.