Lebanon’s intelligence service, the General Directorate of General Security (GDGS), is reportedly at the center of a large-scale hacking campaign that may be a first of its kind for targeting mobile phones instead of computers.

Eric Auchard from Reuters reports that GDGS has been targeting Android phones in at least 21 countries in multiple campaigns for at least five years. “The cyberattacks, which seized control of Android smartphones, allowed the hackers to turn them into victim-monitoring devices and steal any data from them undetected,” writes Auchard.

The hackers, known as Dark Caracal–a wild cat from the Middle East–relied on phishing tactics to trick victims into downloading spoofed encrypted messaging apps.

According to Reuters, “The attackers borrowed code to create their own malicious software from developer sites, while relying heavily on social engineering to trick people to click on links that sent them to a site called SecureAndroid, a fake Android app store.

There, users were encouraged to download fake, but fully functioning versions of encrypted messaging apps and privacy tools including WhatsApp, Viber and Signal.”

Once installed, malware would infect the devices. From there, it was capable of activating the front or back camera to remotely take photos or using the phone’s microphone to record conversations.

Read the full story at Reuters.