Financial Times reported — and was confirmed by WhatsApp — that the messaging app has been infected with commercial spyware.

According to the report, Israel’s secretive NSO group developed the spyware that exploited the app installed in Android and iOS devices. The spyware can be deployed just by calling through the app. The user doesn’t have to answer for hackers to install the malicious software leaving no trace.

The spyware now has the ability to scan emails and messages, remotely control camera and mic, and even trace the user’s location data. The vulnerability was discovered in early May.

In a statement, WhatsApp strongly urges its users to upgrade to the latest version immediately “to close the security code.”

“WhatsApp encourages people to upgrade to the latest version of our app, as well as keep their mobile operating system up to date, to protect against potential targeted exploits designed to compromise information stored on mobile devices,” WhatsApp said in a statement.

The security flaw was discovered when the NSO’s flagship Pegasus program a human rights lawyer, reported The Verge.

WhatsApp was able to block the attack and is currently investigating the situation.

“This attack has all the hallmarks of a private company known to work with governments to deliver spyware that reportedly takes over the functions of mobile phone operating systems,” said WhatsApp in a statement provided to The Financial Times. “We have briefed a number of human rights organizations to share the information we can, and to work with them to notify civil society.”

NSO that over 45 countries have used the spyware “to aid in the persecution of dissidents, journalists, and other innocent civilians..”