The exploit was discovered on Thursday by an employee at the company, which is owned by Sony, and then used to target a range of smartphones including the Xperia Z3, Xperia Z4, Xperia XZ Premium, Xperia E, Xperia M, Xperia Pro, Xperia U, Xperia C, Xperia S, Xperia B and Xperia C2.
It’s believed that more than a dozen Xperia phones were targeted in the attack, but there is no evidence yet that any of them have been affected by the flaw.
The malware, dubbed “GainRemote” by researchers at Kaspersky Lab, also used an Android exploit developed by researchers with the Israeli company Ababasoft, who said the exploit could be used to steal sensitive information.
“Gain Remote is not a malicious application but a malicious Java script that can be installed by the attacker.”
The malicious Java module was the first part of the exploit.
The researchers said the malicious Java code was used to run “a malicious Java applet”, which was then used as the “target” of the attack.
“Once the attacker has the target’s location and phone number, the malware sends the target a specially generated SMS, which triggers the targeted device to send a command to a remote server,” the blog post said.
“After the target sends the command to the remote server, the remote command is executed on the targeted phone, and the device is captured and encrypted, which allows the attacker to decrypt and copy the data from the phone into his or her own device.”
Kaspersky’s research team said that the code was a variant of the same Java code that was already used to control a range.
Affected phones include the Xperia XC, Xperia J, Xperia K, Xperia L, Xperia Mini, Xperia R, Xperia V, Xperia Tablet Z, Xperia Play, Xperia Turbo, Xperia T, Xperia Ultra, Xperia, Xperia XL, Xperia UX, Xperia Y, Xperia N and Xperia Z2.
Android devices running versions 6.0 or higher are not affected.
The latest versions of Android include the Android operating system and its built-in applications, such as Gmail and Google Maps.
The exploit has been publicly available for a year, but researchers said they did not publish any details about its existence.
However, the Kasperski Lab blog post did state that the exploit was used by at least two unnamed Android vendors.
The vulnerability was first discovered by security researchers from Kaspersk.
It was then published in the first half of 2017, but has since been patched.