Citizen Lab has released a new report that shows Pegasus is most likely being used to target and infect smartphones in Kenya. Pegasus is a spy software that is only sold to governments and was developed by Israel company, NSO Group. The software has been used to target journalists and human rights activists around the world.

Citizen Lab is a digital rights watchdog at the University of Toronto’s Munk School of Global Affairs. In their report, they confirm that the software has been detected in 45 countries. They used a new scanning technique to identify systems used by governments who have purchased Pegasus. Using the technique, Citizen Lab’s researchers identified 1,091 IP addresses that matched their fingerprint for the spyware. The researchers then clustered the IP addresses into 36 separate operators with traces in 45 countries where government agencies “may have been conducting surveillance operations” between August 2016 and August 2018.

Pegasus is a mobile phone spyware suite that works on Android, iOS and Blackberry. Once installed, it gets access and sends back to the operator a person’s private data, including passwords, contact lists, calendar events, text messages, and live voice calls from mobile messaging apps. The operator can even turn on the phone’s camera and microphone to capture activity in the phone’s vicinity. To activate the software, the target has to click on a link which is sometimes disguised as a message from a source or a breaking news story.

Kenya is listed under an operator code named GRANDLACS who may have infected smartphones in the Safaricom and Simbanet networks. The operator has apparently been active since June 2017. In 2015, Citizen Lab released a report showing that Kenya’s National Intelligence Service (NIS) had acquired spy software FinFisher.