Lebanon\u2019s intelligence service may have turned the smartphones of thousands of targeted individuals into cyber-spying machines in one of the first known examples of large-scale state hacking of phones rather than computers, researchers say.\r\nLebanon\u2019s General Directorate of General Security (GDGS) has run more than 10 campaigns since at least 2012 aimed mainly at Android phone users in at least 21 countries, according to a report by mobile security firm Lookout and digital rights group Electronic Frontier Foundation (EFF).\r\nThe cyber attacks, which seized control of Android smartphones, allowed the hackers to turn them into victim-monitoring devices and steal any data from them undetected, the researchers said on Thursday. No evidence was found that Apple phone users were targeted, something that may simply reflect the popularity of Android in the Middle East.\r\nThe state-backed hackers, dubbed \u201cDark Caracal\u201d by the report\u2019s authors - after a wild cat native to the Middle East - used phishing attacks and other tricks to lure victims into downloading fake versions of encrypted messaging apps, giving the attackers full control over the devices of unwitting users.\r\nMichael Flossman, the group\u2019s lead security researcher, told Reuters that EFF and Lookout took advantage of the Lebanon cyber spying group\u2019s failure to secure their own command and control servers, creating an opening to connect them back to the GDGS.\r\n\u201cLooking at the servers, who had registered it when, in conjunction with being able to identify the stolen content of victims: That gave us a pretty good indication of how long they had been operating,\u201d Flossman said in a phone interview.\r\n\u00a0\r\nDark Caracal has focused their attacks on government officials, military targets, utilities, financial institutions, manufacturing companies, and defense contractors, according to the report.\r\nThe researchers found technical evidence linking servers used to control the attacks to a GDGS office in Beirut by locating wi-fi networks and internet protocol address in or near the building. They cannot say for sure whether the evidence proves GDGS is responsible or is the work of a rogue employee.\r\nThe malware, once installed, could do things like remotely take photos with front or back camera and silently activate the phone\u2019s microphone to record conservations, researchers said.\r\nResponding to a question from Reuters about the claims made in the report, Major General Abbas Ibrahim, director general of GDGS, said he wanted to see the report before commenting on its contents. He added: \u201cGeneral Security does not have these type of capabilities. We wish we had these capabilities.\u201d\r\nReuters.