Leaked information shows that the Prime Minister's Office (PMO) and the Malaysian Anti-Corruption Commission (MACC) among customers of citizen-spying software purchased from Milan-based IT company Hacking Team.
This was revealed after Hacking Team fell victim to hackers who stole 400GB of the company's data and put them up for download on Hacking Team's own Twitter account.
Among the stolen data included a list of the company's clients and invoices.
The list showed three clients from Malaysia, namely the PMO, MACC and "Malaysia Intelligence", according to CSO Online.
According to more data posted by a Twitter user on Medium.com, MACC spent more than RM500,000 to purchase the Da Vinci system.
The leaked document showed MACC paid Euro 102,122.50 for the system in 2011 and a further Euro 38,500 (50 percent payment) to renew the system 2013.
The Da Vinci system tricks users into opening it.
Once activated by opening the file, it can track, eavesdrop and download information from the victim's computer.
MACC's subscription expired
The published documents also showed that MACC's subscription of the service had since expired but the subscription for PMO and "Malaysia Intelligence" remained active.
The hackers, who have yet to identify themselves, had even hijacked Hacking Team's Twitter account and changed its name to "Hacked Team".
They also posted up the company's 400GB of data with a message: "Since we have nothing to hide, we're publishing all our e-mails, files and source code".
Hacking Team had since regained its account and sought to dismiss the legitimacy of its stolen information that was uploaded online.
"The torrent contains a virus, it's best to let the authorities examine the evidence and stop seeding and spreading false info," said Hacking Team security engineer Christian Pozzi in a Twitter posting.
Reporters Without Borders in its 2013 report named Hacking Team as one of the "corporate enemies of the Internet".
Malaysiakini has written to the PMO and MACC seeking their response.