Apparently the number is significant as it far outweighs the number of known operators, meaning that some of them are using the software for illegal cross-border surveillance.
The findings come from a report published by Citizen Lab, a digital rights watchdog at the University of Toronto's Munk School of Global Affairs.
The malware, known as Pegasus (or Trident), was created by Israeli cyber-security firm NSO Group and has been around for at least three years.
The malware can operate on both Android and iOS devices, although it has mostly been spotted in campaigns targeting iPhone users.
Pegasus is powerful spyware that can do many things, such as record conversations, steal private messages, and nick photos.
Citizen Lab said it identified 1,091 IP addresses that matched its fingerprint for NSO's spyware.
Then, they clustered the IP addresses into 36 separate operators with traces in 45 countries where these government agencies "may be conducting surveillance operations" between August 2016 and August 2018.
The researchers spotted Pegasus in democratic countries, such as the United States, France, and the UK, but there are also countries with questionable human rights records, such as the United Arab Emirates, Bahrain, Mexico, Turkey, and Yemen.
"I can only hope that our research is causing these companies to think twice about sales where there is the potential for spyware abuse, causing potential customers to think twice about being associated with a company dealing with repressive governments, and causing potential investors to think twice about the inherently risky business of selling spyware to dictators."
The report includes a corroboration of sorts from security firm Lookout, which noted that it had detected "three digits" Pegasus infections around the world.