The targets’ phone numbers were on a database believed to be of interest to clients of Israeli firm NSO. The list was leaked to major news outlets.
It is unclear where the list came from or how many phones were hacked.
The Indian government has denied any unauthorised surveillance.
The allegations about the use of the malware, known as Pegasus, were published on Sunday as part of a global investigation by the Washington Post, the Guardian and 14 other media organisations, including The Wire in India.
NSO has denied any wrongdoing. It said the software was intended for tracking criminals and terrorists and was only sold to military, law enforcement and intelligence agencies from countries with good human rights records.
Indian MPs are likely to raise the issue in the coming days. “Parliament today is likely to debate inflation, rise in fuel prices, the farmers’ bill and Covid-19 mishandling and vaccination,” opposition MP Derek O’Brien told the BBC.
The news drew sharp reactions on social media. The Mumbai Press Club called for an investigation into the allegations.
The database had a list of up to 50,000 mobile phone numbers, more than 300 of them reportedly belong to Indians, according to The Wire, which is yet to reveal all of the names but said it would do so over the week.
But it reported that the Indian portion of the list included 40 journalists, three opposition leaders and two ministers in Prime Minister Narendra Modi’s government among others.
Forensic tests on some of the phones with numbers on the list showed traces of the spyware. The Washington Post reported that 37 of the phones were successfully hacked.
Pegasus infects iPhones and Android devices, allowing operators to extract messages, photos and emails, record calls and secretly activate microphones.
A statement from NSO said the latest allegations – the result of an original investigation by Paris-based NGO Forbidden Stories and the human rights group Amnesty International – were “full of wrong assumptions and uncorroborated theories”.
“The claims that the data was leaked from our servers is a complete lie and ridiculous, since such data never existed on any of our servers,” NSO said.