Spyware firms often say their products are meant for the use of governments for national security.
Article continues below
However, the technology has been repeatedly found to have been used to hack into the phones of civil society, political opposition and journalists in the last decade. The industry has faced increasing scrutiny since the Israeli firm NSO's Pegasus spyware was found on the phones of various people globally, including human rights defenders.
Google researchers said that while NSO is better known, there are dozens of smaller firms helping the proliferation of spy technology for malicious uses.
The findings by Alphabet opens new tab Google are significant because the company has some of the best visibility into hacking campaigns globally, given the vast breadth of its online offerings.
"Demand from government customers remains strong and our findings underscore the extent to which commercial spyware vendors have proliferated hacking and spyware capabilities that weaken the safety of the Internet for all," researchers from Google's TAG threat-hunting team said in the report.
"The private sector is now responsible for a significant portion of the most sophisticated tools we detect."
The Google researchers named a roster of firms that offer a range of services to break into phones, and have been evolving to bypass the latest security measures by Apple, opens new tab and Google for their phone operating systems iOS and Android.
They include the Italian firms Cy4Gate and RCS Labs, Greek company Intellexa, and the lesser-known Italian company Negg Group and Spain's Variston.
Negg Group’s website says the company is focused on cybersecurity, but Google said its software was found to have been used to spy on people in Italy, Malaysia, and Kazakhstan.
Variston made software that infected user’s devices via the browsers Google Chrome, Mozilla Firefox or iOS apps, Google said, adding that another company, Protected AE also known as Protect Electronic Systems used a similar targeting technique. ■