A new and concerning malware threat, dubbed “NoVoice,” has recently come to light, as detailed in a report from Bleeping Computer. This insidious malware has been embedded within over 50 applications available on the Google Play Store, accumulating a staggering 2.3 million installations from users of Google’s Android platform. The cybersecurity team at McAfee was instrumental in uncovering “NoVoice,” which was found lurking in a variety of seemingly benign applications, including system cleaners, games, and image galleries.
The most innocent apps contain the most dangerous payloads
This tactic exemplifies a common strategy employed by cyber attackers: concealing malware within applications that appear harmless and beneficial. This deceptive approach lures unsuspecting Android users into downloading the malicious software. Once installed, the malware exploits vulnerabilities within the Android operating system, aiming to gain root access. The implications are severe, as this could enable attackers to harvest sensitive information, such as usernames and passwords associated with financial services applications. Moreover, the malware possesses the capability to install or delete applications on the device without the user’s consent.
In certain instances, the malware is engineered in such a way that even a factory reset may not fully eradicate it from the device. However, there is a silver lining regarding “NoVoice.” Google has reassured users that Android devices updated since May 2021 are safeguarded against this threat. For instance, my Pixel 6 Pro, released in October 2021, has received updates as recently as this year, ensuring its protection from potential attacks.
How you can tell which country the attackers are from
McAfee’s investigation revealed that the malware did not successfully infect devices in specific regions, notably Beijing and Shenzhen in China. This observation provides insight into the geographical origin of the attack, suggesting that the perpetrators may be strategically avoiding domestic law enforcement.
In a statement, Google confirmed that Google Play Protect automatically removes the malicious applications and blocks any new attempts to install them. The tech giant also emphasized that users should keep their devices updated with the latest security patches.
While Bleeping Computer refrained from naming the specific apps involved in this malware incident, it did highlight an app called SwiftClean, developed by Biodun Popoola, which was identified as carrying the NoVoice payload. The malware derives its name from a silent audio file embedded in the code, which operates at inaudible volume, allowing the malicious code to execute in the background without detection by the user. To mitigate the risk of encountering malware like NoVoice, users are advised to download Android applications exclusively from the Google Play Store and to ensure their devices are consistently updated.