Kryptowire exposed the spyware on Tuesday, saying that it had found it hidden in the firmware that came installed by the manufacturer on some phones it had examined.
It said that the programme transmitted the information it collected from mobile phones to computers in Shanghai.
Firmware is the programme that comes pre-installed and controls actions like updating the operating system or other programmes.
"The firmware that shipped with the mobile devices and subsequent updates allowed for the remote installation of applications without the users' consent," Kryptowire said.
It dodged anti-virus software because it was assumed that programmes shipped pre-installed on phones and considered integral to them were clean, it added.
Kryptowire identified Blu brand's R1 HD phone as one of the models infected with the programme.
The model has apparently been sold in India because price monitoring web sites like Mobilewithprices and Phoneradar have posted local prices for it.
Amazon's Indian web site sells accessories for the model, although the phone itself is not listed. The US parent of Amazon has stopped selling it.
The manufacturer of Blu said on its web site that it has "identified and has quickly removed a recent security issue caused by a third party application which had been collecting unauthorized personal data in the form of text messages, call logs, and contacts from customers.
"The firmware on its phones was automatically updated to remove it and verified to be no longer collecting or sending this information," Blu said.
In addition to R1 HD, Blu said the affected models were Energy X Plus 2, Studio Touch, Advance 4.0 L2, Neo XL and Energy Diamond.
The programme is of the category known as firmware over the air, which come pre-installed in computers and are meant, among other things, to keep the phones automatically updated.
Adplus, which claims to have over 700 million active users in more than 200 countries or regions, said that the programme to collect and send the information was "inadvertently" included in the firmware.
The company said it had come up with the programme to help "screen out junk texts and calls from advertisers" by analysing the information collected about them from phones "in order to improve mobile phone experience."
Business Standard has always strived hard to provide up-to-date information and commentary on developments that are of interest to you and have wider political and economic implications for the country and the world. Your encouragement and constant feedback on how to improve our offering have only made our resolve and commitment to these ideals stronger. Even during these difficult times arising out of Covid-19, we continue to remain committed to keeping you informed and updated with credible news, authoritative views and incisive commentary on topical issues of relevance.
We, however, have a request.
As we battle the economic impact of the pandemic, we need your support even more, so that we can continue to offer you more quality content. Our subscription model has seen an encouraging response from many of you, who have subscribed to our online content. More subscription to our online content can only help us achieve the goals of offering you even better and more relevant content. We believe in free, fair and credible journalism. Your support through more subscriptions can help us practise the journalism to which we are committed.
Support quality journalism and subscribe to Business Standard.