An Italian company's hacking tools were used to spy on Apple and Android  smartphones in Italy and Kazakhstan, Alphabet's Google said in a report  on Thursday.

Milan-based RCS Lab, whose website claims European law enforcement  agencies as clients, developed tools to spy on private messages and  contacts of the targeted devices, the report said.

Google (GOOG)'s findings on RCS Lab come as European and American regulators weigh potential new rules over the sale and import of spyware.

"These vendors are enabling the proliferation of dangerous hacking tools  and arming governments that would not be able to develop these  capabilities in-house," Google said.

Apple (AAPL) and the governments of Italy and Kazakhstan did not immediately respond to requests for comment.

RCS Lab said its products and services comply with European rules and help law enforcement agencies investigate crimes.

"RCS Lab personnel are not exposed, nor participate in any activities  conducted by the relevant customers," it told Reuters in an email,  adding that it condemned any abuse of its products.

Google said it had taken steps to protect users of its Android operating system and alerted them about the spyware.

The global industry making spyware for governments has been growing,  with more and more companies developing interception tools for law  enforcement organizations.

Anti-surveillance activists accuse them of aiding governments that in  some cases are using such tools to crack down on human rights and civil  rights.

The industry came under a global spotlight when the Israeli surveillance  firm NSO's Pegasus spyware was in recent years found to have been used  by multiple governments to spy on journalists, activists, and  dissidents.

While RCS Lab's tool may not be as stealthy as Pegasus, it can still  read messages and view passwords, said Bill Marczak, a security  researcher with digital watchdog Citizen Lab.

"This shows that even though these devices are ubiquitous, there's still  a long way to go in securing them against these powerful attacks," he  added.

On its website, RCS Lab describes itself as a maker of "lawful  interception" technologies and services including voice, data collection  and "tracking systems." It says it handles 10,000 intercepted targets  daily in Europe alone.

Hacking Team went bust after it became a victim of a major hack in 2015 that led to a disclosure of numerous internal documents.