A bug that spies on computer users may have been developed by a "nation state", according to the internet security company that uncovered it.
Symantec says the malware - called Regin - can take screenshots, control cursors and steal passwords.
The highly sophisticated bug has been active since 2008, though it disappeared between 2011 and 2013.
It is unusually low-key, making it "highly suited for persistent, long-term surveillance operations against targets". It can go years without being noticed.
Symantec said: "It is likely that its development took months, if not years, to complete and its authors have gone to great lengths to cover its tracks.
"Its capabilities and the level of resources behind Regin indicate that it is one of the main cyberespionage tools used by a nation state."
Regin has been used to attack individuals, businesses, government entities and research institutes.
Sectors that have been targeted include airline and energy. Telecoms firms have also been infected, allowing hackers to access phone calls.
Computers can be infected with the software in different ways, commonly via fake internet sites and instant messenger programmes. Symantec claims Ireland has been the site of 9% of confirmed infections.
Russia, Saudi Arabia and Mexico have also been heavily affected.
The report describes the purpose of Regin as "intelligence gathering" and says: "It is used for the collection of data and continuous monitoring of targeted organisations or individuals."