NewsBite

Pakistan military access metadata, texts, photos from hacked phones of Australian diplomats

Pakistan’s military is alleged to have gained access to sensitive metadata, texts and photos from the hacked phones of Australian diplomats.

The Pakistani military is alleged to have been involved in hacking the phones of Australian diplomats.

The Pakistani military is alleged to have hacked information from Australian diplomats, potentially gaining access to sensitive metadata, texts and photos and tracking their movements.

The hacking is thought to have occurred after the Australians interacted with people whose phones had been compromised, either after they downloaded apps or after their phones were physically accessed by the hackers.

A just-published report by a United States mobile phone data security company, Lookout, detailed the hacking, which it said it had reported to the appropriate authorities and which may have links back to an individual previously associated with a Sydney-based company.

Lookout’s report said it had identified over 15 gigabytes of compromised data that included call records, audio recordings, device location information, text messages and photos.

It said analysis of the exfiltrated data found details of trips to the Pakistani cities of Quetta and Balochistan by Australian diplomats.

The report contains an image of what appears to be a document detailing an itinerary for Australian diplomats.

“Visit of Australian diplomats” is the heading of the document, which has been redacted by Lookout but appears to reference the names of the individuals undertaking a visit and to discuss security arrangements.

The redacted document detailing an itinerary for Australian diplomats. Picture: Lookout

The report says the tools were part of a “highly targeted intelligence gathering campaign we believe is operated by members of the Pakistani military” using surveillanceware families Lookout referred to as Stealth Mango (Android) and Tangelo (iOS).

“Our research shows that Stealth Mango is being actively managed by Pakistani based actors that are likely military,” it says. “We determined that government officials and civilians from the United States, Australia, the United Kingdom and Iran had their data indirectly compromised after they interacted with Stealth Mango victims.”

It says the Australians may have had their data stolen after they associated with users who had been compromised by the Stealth Mango surveillanceware.

“We further identified content from other countries’ officials and diplomats, including the United States, Australia, the United Kingdom and Iran, however we believe this data may have been stolen when these victims interacted with Stealth Mango victims,” it said.

Data believed to have been uploaded and tracked from infected phones included installed packages and device information; changes in SIM card or phone numbers on the device; picture, video and audio files; SMS logs and deleted incoming messages; GPS tracking; functionality to detect when a victim is driving; calendar events and reminders; and contact lists for various third-party applications such as Yahoo and Google Talk, among others.

The report notes that the developer of the spyware may have at one point been associated with a company headquartered in Sydney that develops similar legal applications that track devices.

It suspects the developer is part of a group of developers selling mobile surveillanceware and is based in a specific area in the Pakistani capital Islamabad — potentially a government building associated with the Pakistani ministry of education.

The company says it has shared information about the breaches with the appropriate authorities.

“The actor behind Stealth Mango has stolen a significant amount of sensitive data from compromised devices without the need to resort to exploits of any kind,” it says.

“The actors that are developing this surveillanceware are also setting up their own command and control infrastructure and in some cases encountering some operational security missteps, enabling researchers to discover who the targets are and details about the actors operating it that otherwise are not as easily obtained.

“Relevant data has already been shared with the appropriate authorities.”

The Department of Home Affairs has been contacted for comment.

Original URL: https://www.theaustralian.com.au/national-affairs/foreign-affairs/pakistani-military-suspected-of-hacking-phones-of-australian-diplomats/news-story/83806eb1ae83bca12906d8bb02cb13ff