If you’ve downloaded anything new from the Google Play Store recently, you might want to be wary of the extra “features” that may have come along with it. It’s being reported that a new malware dubbed “NoVoice” has infected a number of apps across the Google Play Store.
The apps it was discovered in were not limited to one genre; the malware was found in cleaners, games, image galleries and more. At launch the apps didn’t request any additional suspicious permissions and worked as intended.
Longtime cybersecurity behemoth McAfee discovered the malware, but it’s not currently being linked to any specific malware group or threat actor, and no one has claimed credit for the attack as of writing. After installation the malware tries to gain root access to your device by exploiting vulnerabilities found in unpatched devices (most of these vulnerabilities were patched between 2016 and 2021), highlighting the importance of keeping your devices up to date on firmware.
According to the researchers at McAfee, the malicious code hitched a ride on what looked like legitimate Facebook SDK classes, which then deployed an encrypted payload hidden inside a PNG before wiping all traces of itself. If this sounds like a less delightful matryoshka doll in malware form, that’s because it is.
Researchers also noted that the malware had a built-in capacity to avoid certain regions in China if the original app was given permission to detect location. All in all, researchers noted that the malware would try 22 known vulnerabilities on the infected device in order to gain root access. They also discovered that its primary goal once it had access was to steal data from WhatsApp specifically, although due to the flexible design of this malware it could have been used to steal other data (this just wasn’t noted during discovery).
All affected apps have now been removed from the Google Play Store, and a Google representative issued a statement:
“As an added layer of defense, Google Play Protect automatically removes these apps and blocks new installs. Users should always install the latest security updates available for their device.”
As NoVoice specifically targeted security flaws that were fixed before 2021, any device that has been updated since that time would be safe from this exploit. Regular patching and security updates are a core feature on every Valley Techlogic plan. We believe this helps:
- Fix known vulnerabilities before attackers can exploit them
- Reduce the risk of malware, ransomware, and unauthorized access
- Keep systems compatible with current security tools and protections
- Help maintain compliance with security standards and insurance requirements
Protect your business from threats today with a technology plan from Valley Techlogic. You can learn more about our services and get started here.

This article was powered by Valley Techlogic, leading provider of trouble free IT services for businesses in California including Merced, Fresno, Stockton & More. You can find more information at https://www.valleytechlogic.com/ or on Facebook at https://www.facebook.com/valleytechlogic/ . Follow us on X at https://x.com/valleytechlogic and LinkedIn at https://www.linkedin.com/company/valley-techlogic-inc/.

