WhatsApp has rushed to roll out a security fix after concerns were raised that hackers could inject surveillance software on phones using the call function.
The app reportedly discovered a vulnerability that allowed attackers to install code on iPhones and Android phones by ringing a target device.
The Financial Times reported that the code could be transmitted even if a user did not answer their phone – and that a log of the call often disappeared.
People are being urged to update their WhatsApp immediately.
WhtasApp said: “We believe a select number of users were targeted through this vulnerability by an advanced cyber actor.
“This attack has all the hallmarks of a private company known to work with governments to deliver spyware that reportedly takes over the functions of mobile phone operating systems.
“We have briefed a number of human rights organisations to share the information we can, and to work with them to notify civil society.”
The Financial Times also reported the spyware was developed by NSO Group, an Israeli cybersecurity and intelligence company.
However, NSO Group said in a statement: “Under no circumstances would NSO be involved in the operating or identifying of targets of its technology, which is solely operated by intelligence and law enforcement agencies.
“NSO would not, or could not, use its technology in its own right to target any person or organisation, including this individual (the UK lawyer).”