CSOs warned to watch for FinFisher spyware

08.08.2012

Malware that appeared to be FinFisher was first discovered last month in Bahrain. The malware was targeted at activists within the Persian Gulf kingdom. Gamma later said that it never sold the product to Bahrain and was investigating whether a demonstration copy had been stolen from the company.

After obtaining samples of the Bahrain malware, Guarnieri was able to isolate a peculiar way computers communicate with the software. The researcher found that the Bahrain server answered HTTP requests with the message "Hallo Steffi."

With the discovery of the fingerprint, Guarnieri and his Rapid7 team started searching the Internet and found 12 C&C servers in 10 countries: the U.S., Indonesia, Australia, Qatar, Ethiopia, Czech Republic, Estonia, Mongolia, Latvia and Dubai.
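As an added illustration (not code from the article or from Rapid7), the sketch below checks already-captured HTTP responses, such as proxy or sensor captures from your own network, for the response string described above. The host addresses and captures are constructed samples and the function names are hypothetical; the body is decoded before matching because chunked framing can split the string in the raw bytes.

```python
import http.client
import io

BANNER = b"Hallo Steffi"  # response string reported in the article


class _BytesSock:
    """Minimal socket stand-in so http.client can parse captured bytes."""

    def __init__(self, data):
        self._data = data

    def makefile(self, *args, **kwargs):
        return io.BytesIO(self._data)


def response_body(raw):
    """Return the decoded body of a captured HTTP response.

    Falls back to the raw bytes when the capture is not valid HTTP,
    so a bare banner without a status line is still inspected.
    """
    try:
        resp = http.client.HTTPResponse(_BytesSock(raw))
        resp.begin()          # parse status line and headers
        return resp.read()    # honours Content-Length and chunked encoding
    except (http.client.HTTPException, ValueError):
        return raw


def matches_fingerprint(raw):
    """True when the decoded response body contains the banner."""
    return BANNER in response_body(raw)


def flag_hosts(captures):
    """Return the sorted hosts whose captured response matches."""
    return sorted(h for h, raw in captures.items() if matches_fingerprint(raw))


# Constructed sample captures (documentation address range, not real hosts).
CAPTURES = {
    "192.0.2.10": b"HTTP/1.1 200 OK\r\nContent-Length: 12\r\n\r\nHallo Steffi",
    "192.0.2.20": b"HTTP/1.1 200 OK\r\nTransfer-Encoding: chunked\r\n\r\n"
                  b"6\r\nHallo \r\n6\r\nSteffi\r\n0\r\n\r\n",
    "192.0.2.30": b"HTTP/1.1 404 Not Found\r\nContent-Length: 9\r\n\r\nNot Found",
    "192.0.2.40": b"Hallo Steffi",  # no HTTP framing at all
    "192.0.2.50": b"HTTP/1.1 200 OK\r\nContent-Length: 5\r\n\r\nHallo",
}

if __name__ == "__main__":
    print(flag_hosts(CAPTURES))
```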

Whether governments or police are using the servers cannot be determined by the information gathered by Rapid7. The security company also cannot say for sure that the computers are running FinFisher. "But it's a very big clue," Guarnieri said of his findings.

"We think that they are most likely connected to the [FinFisher] infrastructure and are being run by different people across the globe," he said.