NoVoice malware takes control of 2.3 million Android devices with outdated versions

More than 50 applications present on Google Play put millions of Android devices with obsolete versions at risk with the campaign identified as NoVoice, which exploited old vulnerabilities to take control of smartphones.

Operation NoVoice, detected by McAfee’s mobile research team, exploited old vulnerabilities in the Android operating system, for which patches were released between 2016 and 2021.

Its distribution through Google’s official Play Store was in the form of utility applications or games that contained the malicious payload. Altogether, 50 were identified that accumulated more than 2.3 million downloads.

Once the user opened the malicious application, it connected in the background with a server to obtain the ‘exploit’ that allowed it to take complete control of the device adapted to the model and software version, as explained on the McAfee blog.

The ‘malware’ overwrote a central system library, causing malicious code to execute in each of the applications the user opens and opening the door to data extraction.

According to the researchers, the infection is not eliminated with a factory reset, but requires installing the ‘firmware’ again.

The campaign has been most prevalent in African countries such as Ethiopia, Algeria and Kenya, and India, due to the greater number of older devices with outdated operating systems that no longer receive security updates, although the reach has been global.