Researchers at security company, Lookout, have identified a family of malware, referred to as 'SonicSpy' on Google Play Store, that can remotely control infected Android smartphones, the media reported.
The samples of 'SonicSpy' most recently found on the Play Store, called 'Soniac', is marketed as a messaging app, the researchers said on Sunday. It has infected more than 1,000 additional apps hosted at third-party Android app stores.
The malware gives attackers control over the device and allows them to silently record audio, make calls, retrieve call logs, contacts and take photographs, the company said in a blog post.
While 'Soniac' does provide this functionality through a customised version of the communications app 'Telegram', it also contains malicious capabilities that provide an attacker with significant control over a target device.
The infected applications that entered Google Play Store are 'Troy Chat', 'Hulk Messenger' and 'Soniac Messenger'.
The company said the analysed samples contained similarities to 'SpyNote', a malware family that was first reported in 2016.
Using Android applications to spread malware is becoming common these days.
A new batch of spyware named 'Lipizzan' that could capture users' text messages, voice calls, location data and photos was discovered and blocked by Google in July.
Google, in a blog post, said it discovered a new family of Android spyware while investigating another spyware named 'Chrysaor'.
'Lipizzan' spyware was capapable of performing tasks that include taking screenshots, taking pictures with the device camera, recording from the device's microphone, call recording and location monitoring.
Catch the latest from the Consumer Electronics Show on Gadgets 360, at our CES 2026 hub.