Dangerous NoVoice Malware Discovered in 50-Plus Google Play Store Apps With 2.3 Million Downloads
Luckily, if you have an Android device that was updated after a certain date, you're okay.
A newly identified strain of malware dubbed "NoVoice" has been uncovered lurking inside more than 50 applications on the Google Play Store, with the infected apps collectively downloaded over 2.3 million times before their removal, raising fresh alarms about the security of the world's largest Android app marketplace.
Security researchers who discovered the threat say NoVoice is particularly insidious because it operates silently in the background, concealing its activity from both users and standard security scans. The malware is designed to harvest sensitive personal data, intercept communications, and in some cases grant remote access to bad actors without triggering obvious warning signs on infected devices.
The infected applications spanned a wide range of categories, including productivity tools, utility apps, and casual games, making it difficult for users to identify a single point of risk. Many of the apps had strong ratings and thousands of positive reviews, suggesting the threat actors had invested significant effort in making their creations appear legitimate.
Google has confirmed that all identified apps containing the NoVoice malware have been removed from the Play Store and that Google Play Protect, the platform's built-in security system, has been updated to detect and flag the malware on existing installations. The company says it is continuing to investigate the full scope of the campaign.
There is, however, a significant silver lining for many Android users. Devices running Android security patches released after a specific cutoff date are protected against the exploit that NoVoice relies upon, meaning fully updated phones are not at risk. Security experts are urging all Android users to check that their devices are running the latest available software updates immediately.
Users who believe they may have downloaded one of the affected apps are advised to run a full scan using Google Play Protect, uninstall any suspicious applications, and change passwords for sensitive accounts as a precautionary measure. Enabling two-factor authentication on key accounts is also strongly recommended in the aftermath of the discovery.
This incident serves as yet another reminder of the ongoing challenges facing app store security, even on platforms with rigorous vetting processes. Cybersecurity experts continue to call for stronger pre-publication screening and faster response protocols to protect the hundreds of millions of people who rely on the Google Play Store every day.