It wasn’t too long ago when people who owned Apple devices could feel relatively safe from the prying eyes of hackers, but times have changed.
Until recently, most hackers focused on Windows machines because they constituted the biggest target. However, researchers have been finding more security holes in machines containing Apple operating systems as of late, making them prime for hacks.
Security company FireEye issued a report this week that claims that hackers have found a way to break into iOS devices with the help of legitimate-looking but malicious apps downloaded to one’s phone.
FireEye learned of the hacks by examining roughly 400 GB of corporate data that was leaked when hackers breached the cybersecurity firm Hacking Team. That data breach was notable because the security firm worked with several governments, including Uzbekistan, Egypt and, Sudan’s intelligence service.
While FireEye warned of the possibility of these so-called masque attacks before, the company claims that it’s recent discovery is the first time that the attacks have actually occurred outside of a test lab environment. Masque attacks happen when an unwitting person downloads a malicious app to her Apple (AAPL) device by clicking on a shady web link.
“FireEye has recently uncovered 11 iOS apps within the Hacking Team’s arsenals that utilize Masque Attacks, marking the first instance of targeted iOS malware being used against non-jailbroken iOS devices,” wrote FireEye senior research scientist engineer Zhaofeng Chen on the company’s findings.
Some of the bad apps that FireEye found mimic the real apps, including WhatsApp, Twitter, Facebook, Facebook Messenger, Google Chrome, Blackberry Messenger, and Skype.
Once installed onto an Apple device, the bad apps link up the device so it “communicates with a remote server” and even leak sensitive data to that remote server.
“Because all the bundle identifiers are the same as the genuine apps on App Store, they can directly replace the genuine apps on iOS devices prior 8.1.3,” Chen wrote.
Among the data that can be transmitted to remote servers include the voice call recordings in Skype and Wechat, Chrome browser history logs, text messages sent in Skype and Facebook messenger, and photos.
You can see why governments and spy agencies might be interested in using some of these malicious apps to keep tabs of people they want to monitor.
When new details emerged in July on how spy agencies used Hacking Team’s services, leaked emails revealed that the security company boasted of a booby-trapped version of a Bible app to entice the Vatican to buy its services, although it was unclear if the Vatican actually bought the product.
FireEye recommends that all iOS users keep their devices updated and pay attention to the ways they download their apps.
Subscribe to Data Sheet, Fortune’s daily newsletter on the business of technology.