In a recent turn of events, Google has faced scrutiny following its decision to impose stringent restrictions on sideloading applications on Android devices. This move was primarily motivated by concerns regarding the potential risks associated with downloading apps from sources outside of the Google Play Store. However, the discovery of a new Android malware named NoVoice on the Play Store has raised questions about the effectiveness of Google’s own security measures.
Newly discovered NoVoice Android malware found on Google Play
A report from Bleeping Computer has unveiled that the NoVoice malware was embedded within over 50 applications available on Google Play, with these apps collectively racking up at least 2.3 million downloads. This alarming statistic suggests that approximately 2.3 million devices may currently be at risk of compromise.
Researchers from cybersecurity firm McAfee uncovered the NoVoice operation, revealing that the malware was cleverly concealed within seemingly benign applications, such as system cleaners, image galleries, and games. Users might unwittingly launch these infected apps, unaware of the lurking threat.
Upon activation, the malware seeks to gain root access to the device by exploiting known vulnerabilities in older versions of Android. It employs a sophisticated strategy to gather extensive information about the device, which informs its method of attack. Once a device is compromised, NoVoice can pilfer sensitive data from applications and can also install or remove apps without the user’s consent.
Perhaps most concerning is the malware’s resilience; it may prove nearly impossible to eradicate. NoVoice installs recovery scripts and retains fallback payloads in the system partition, meaning that even a factory reset may not eliminate the threat entirely. A portion of the device’s storage remains untouched during a factory reset, allowing the malware to persist.
But there’s good news
Fortunately, there is a silver lining. The NoVoice malware primarily exploits older vulnerabilities in the Android operating system. Google has confirmed to Bleeping Computer that devices updated since May 2021 are safeguarded against this threat. In a statement, the company noted, “As an added layer of defense, Google Play Protect automatically removes these apps and blocks new installs. Users should always install the latest security updates available for their device.”
This means that if your device has received updates beyond May 2021, you should be well-protected. However, for those who have previously installed the infected applications, it is advisable to consider their devices and data as potentially compromised.
