The "PlaiceRaider" app was created at the US Naval Surface Warfare Center in Crane, Indiana, to show how cyber criminals could operate in the future, the Daily Mail reported.
The creators even demonstrated how they could read the numbers of a cheque book when they tested the Android software on 20 volunteers.
The app can turn on a phone's camera, and personal data and private moments can be gleaned from images.
The software can build up a 3D model of a home, from which hackers can inspect rooms, and even take information about valuables in homes.
The military team gave infected phone instruments to 20 individuals, who did not know about the malicious app, and asked them to continue operating in their normal environment.
The team said they could glean vital information from all 20 users, and that the 3D reconstruction made it much easier to steal information than by just using the images alone.
Researcher Robert Templeman said the app can run in the background of any smartphone using the Android operating system, the daily said.
The team, however, offered various ways in which phone manufacturers could secure their systems, for instance making it impossible to disable the shutter sound on phones so that a user will know if a picture is being taken.
For the latest tech news and reviews, follow Gadgets 360 on X, Facebook, WhatsApp, Threads and Google News. For the latest videos on gadgets and tech, subscribe to our YouTube channel. If you want to know everything about top influencers, follow our in-house Who'sThat360 on Instagram and YouTube.