A commercial hacking tool sold only to governments was deployed against the director of a Mexican anti-corruption organization, according to the University of Toronto's Citizen Lab.
Citizen Lab has previously identified 21 cases in Mexico where the same militarized spyware was used, saying it shows a pattern of attempts to spy on inappropriate targets.
Claudio González, director of Mexicans Against Corruption and Impunity, was targeted with the "Pegasys" malware developed by the contractor NSO Group.
Similar Pegasys attacks have previously targeted opposition politicians, journalists and international investigators looking into the disappearance of 43 students in the city of Iguala in 2014.
NSO's Pegasys product targets mobile devices and is intended for law enforcement and counterterrorism use. It is unclear who is behind the attacks, while the government of Mexico is an NSO client.
According to the Citizen Lab report, Gonzalez received two text messages with malicious links meant to appear as warnings about negative newspaper coverage.
One translates to: "Mr. Claudio here is a story in El Universal where you are mentioned in a deplorable way, look."
The NSO group's majority owners are the U.S.-based Francisco Partners. The company is headquartered in Israel.