A U.S. mobile security firm says it has uncovered smartphone spyware aimed at pro-Democracy protesters in Hong Kong that comes disguised as an app created by a community of socially minded programmers.

When activated, the Android app reveals the smartphone user's geographical location, text messages, address book, emails and more, San Francisco-based Lacoon Mobile Security said this week.

Lacoon notes that a link to download the spyware began spreading via chats on the WhatsApp messaging app in recent weeks. Messages, which arrived from an unknown account, said "Check out this Android app designed by Code4HK for the coordination of Occupy Central!”

Clicking on an accompanying link infects users' phones.

The company says its analysis shows the spyware did not come from the group, and notes that it may have been created by the Chinese government. That's because the servers that distributed it were similar to those described in a 2013 report by computer-security firm Mandiant that accused the Chinese military of using cyberattacks to target U.S. companies, Lacoon said.