Hackers were able to remotely install surveillance software on cell phones and other devices, using a major security hole in the WhatsApp news app.
WhatsApp, whose owner is Facebook, said the attack was aimed at a "selected number". the user and was orchestrated by "an advanced cyber actor".
A fix was introduced on Friday.
The attack was developed by the Israeli security firm NSO Group, according to a Financial Times report.
On Monday WhatsApp urged all 1.5 billion users to preemptively update their apps.
The attack was first discovered earlier this month.
How was the vulnerability used?
Attackers who used the WhatsApp voice call feature to call the device of a destination. Even if the call was not answered, the monitoring software was installed, and according to FT, the call often disappeared from the call list of the device.
WhatsApp informed the BBC that its security team was the first to identify the error, and communicated this information earlier this month to human rights groups, selected security providers and the US Department of Justice.
- What we know about the mysterious NSO group
- Abusing WhatsApp in the elections in Brazil
"The attack has all the characteristics of a private company reportedly working with governments to spread spyware that spread the spyware Mobile operations are taking over systems, "the company said in a briefing paper for journalists on Monday.
The company also issued a recommendation for security specialists, describing the error as" A buffer overflow vulnerability exists in the WhatsApp VOIP server. " Stack allowed remote code execution via specially crafted series of SRTCP packets sent to a destination phone number.
Who is behind the software?
The NSO Group is an Israeli company known in the past as a "cyber arms dealer".
Pegasus flagship software provides the ability to capture sensitive data from a target device, including capturing data via microphone and camera, and capturing location data.
- On the Front of India's Fake WhatsApp News War
- WhatsApp Sets New Rules After Mob Murders
In a statement, the group said: "NSO technology is available to authorized government agencies for the sole purpose of combating crime and Combat Licenses Terror
"The company does not operate the system, and after a rigorous approval and review process, intelligence agencies and law enforcement agencies determine how the technology will be used to support their public security missions. We investigate all credible allegations of abuse and take action if necessary, including shutting down the system.
"Under no circumstances would NSO be involved in operating or identifying targets of its technology operated solely by intelligence services and law enforcement agencies, NSO would or could not use its technology for its own purposes to attack individuals or organization."  Who was attacked?
WhatsApp said it was too early to know how many users were affected by the vulnerability, but added that alleged attacks were targeted.
Amnesty International, claiming it was attacked by tools developed by the NSO Group in the past, said that the attack was a human rights group that had long feared it was possible.
"You can infect your phone without actually taking any action," said Danna Ingleton, Deputy Program Director of Amnesty Tech. She said there was growing evidence that the tools of regimes were used to keep prominent activists and journalists under surveillance.
"There must be some responsibility for it, it can not just continue to be a mysterious Wild West industry."
On Tuesday, a Tel Aviv court will hear a petition from Amnesty International urging the Israeli Ministry of Defense to revoke the license of the NSO Group for the export of their products.
Follow Dave Lee on Twitter @DaveLeeBBC
Do you have more information about this or any other technology story? You can reach Dave directly and securely through the encrypted message app. Signal to: +1 (628) 400-7370