Not too long ago, Google made a controversial decision when it decided to heavily restrict sideloading on Android. The reason was due to the potential dangers of downloading apps outside of the Play Store. However, a recently discovered Android malware called NoVoice was discovered on Google Play, making us question how robust Google’s own security is.
Newly discovered NoVoice Android malware found on Google Play
According to a report from Bleeping Computer, an Android malware called NoVoice was discovered hidden in more than 50 apps that were distributed on Google Play. Based on their report, these apps were downloaded at least 2.3 million times, meaning that there could be as many as 2.3 million devices currently at risk.
Researchers at cybersecurity company McAfee, discovered the NoVoice operation and found that they were hiding in apps disguised as system cleaners, image galleries, and games. Basically, apps that would otherwise seem rather innocent on the surface. So, what happens when you launch an infected app?
The malware will attempt to gain root access to your device. This is done by exploiting older Android vulnerabilities. It is smart enough where it will attempt to gather as much information as possible on the device to determine its exploit strategy. Once infected, it can steal information from your apps. It can also silently install and remove apps without the user’s knowledge.
The worst part is that it might be close to impossible to delete. This is because the malware installs recovery scripts and stores fallback payloads on the system partition. This means that even if you perform a factory reset, it won’t get rid of it entirely. This is due to how part of your device’s storage is never wiped, even after a factory reset.
But there’s good news
Like we said, the NoVoice Android malware seems to take advantage of older Android vulnerabilities. Google confirmed to Bleeping Computer that devices updated since May 2021 are protected. The company also issued a statement that reads, “As an added layer of defense, Google Play Protect automatically removes these apps and blocks new installs. Users should always install the latest security updates available for their device.”
This means that as long as your device has received updates past May 2021, you should be protected. However, if you had previously installed the infected apps, you should consider your device and data compromised.
The post 2.3 Million Users Affected by New Android Malware Hid in 50 Google Play Apps appeared first on Android Headlines.
