Google has taken action to curb the spread of Android malware based on "SonicSpy" that besides just exfiltrating personal data from the phone, had the ability to silently record audio, take photos with the camera, make calls, and send text messages.

First spotted by security researchers at Lookout, the malware package had been "aggressively deployed" since February 2017, with several examples actually rolling out on the Google Play store. In each case, the apps masqueraded as cross-protocol messaging applications and installs as a custom version of the commonly used Telegraph.

Specific data able to be purloined from the phone also includes call logs, contacts, information about wi-fi access points, and any personal information retained in the phone. It is unknown if the malware can examine other apps, and retrieve stored passwords.

The researchers tracked back the malware to Iraq. It is not known how many devices may have been infected by the latest malware.

Up to three instances of the malware were removed from Google Play after being notified of the problem — one confirmed to be purged by Google, and the removal of the other two may have been by the posters themselves. Lookout claims that over a thousand versions of the apps survive elsewhere, and can be side-loaded onto devices by unwary users.

"The actors behind this family have shown that they're capable of getting their spyware into the official app store," wrote Lookout, "and as it's actively being developed, and its build process is automated, it's likely that SonicSpy will surface again in the future."

Multiple requests by press venues to comment on the malware have been met with silence.

Google announced in March that only 0.05 percent of Android users downloaded malware from Google Play in 2016. Out of 1.4 billion active devices, that means that 560,000 device were infected from the official Google Play store alone, not even including side-loading infections.