Because of his discovery, Rapid7 researcher Claudio Guarnier warned that corporate IT should monitor systems for signs of communication with command and control servers running FinFisher, made by U.K.-based Gamma Group.

Rapid7 the IP addresses and communication "fingerprint" of the command and control servers it has discovered. The information can be used in intrusion detection systems.

"If you can identify those networks actually communicating with those IPs, it most likely means some of the people on those networks are being spied on in some way," Guarnieri said.

FinFisher is able to record Skype and other voice over IP communications, log keystrokes and turn on a computer's webcam and microphone. The spyware, which can also steal files from a hard disk, is built to bypass dozens of antivirus systems.