High-profile Tibetans have seen their Apple iPhones and Android devices targeted by hacks delivered in WhatsApp messages. All that was required for their device to have a permanent tracker installed on their mobile was a single click of the link within the WhatsApp text, researchers claimed. It’s being labeled the most sophisticated attack on Tibetans yet, after attempts were made to steal WhatsApp and Facebook chats as well as locations with some novel techniques.

The hackers, believed to be sponsored by the Chinese government, have been dubbed Poison Carp by Citizen Lab, a group of surveillance-tracking researchers at the University of Toronto. The crew lured targets to open messages by pretending to be journalists or charity workers.

The Canadian researchers found technical links between Poison Carp and the group revealed to be targeting the iPhones and Android devices of Uighurs by Google Project Zero and Volexity in August. In particular, the same iPhone malware was used in both sets of attacks, while a website used to launch malicious code at Androids was the same.