Warning: Millions of Android devices have installed 50 apps containing malware.
A sophisticated malware campaign has been discovered on Google Play, with approximately 50 Android apps containing malicious code silently infiltrating millions of Android devices worldwide.
According to researchers from security firm McAfee, approximately 50 Android applications containing malware called NoVoice have appeared directly on the Google Play store and have been downloaded more than 2.3 million times.

The worrying aspect is that these applications didn't need to bypass security systems using sophisticated tricks; they were released as normal software, mainly games, cleaning apps, or photo galleries. After being reported, Google proceeded to remove all related applications.
A stealth attack mechanism targeting outdated Android devices.
Unlike many Android malware programs that spread through external installation files, NoVoice operates directly within applications downloaded from the official app store. According to BleepingComputer, when users open the application, the malware activates and exploits vulnerabilities in older Android versions (from 2016-2021).
At the same time, this malware also attempts to take control of the device and hide itself within legitimate system components.
The malware then extracts encrypted code segments and loads them directly into memory to execute a technique that helps evade detection by traditional security software.
Collect data and control devices remotely.
Once operational, NoVoice collects a wealth of information about the device, such as the Android version, hardware specifications, and application list.
This data is sent to the command and control server, allowing the attacker to continue sending additional commands or malware every 60 seconds.
Researchers say the malware can exploit up to 22 different vulnerabilities, including critical operating system flaws, to gain complete control of the system.
After successfully gaining control of the device, the malware will proceed to replace Android system components, install code into the system to maintain long-term operation, and write data to the system partition.
This makes it nearly impossible to clean an infected device by restoring it to factory settings, creating a dangerous "backdoor."
At its highest level, NoVoice can automatically install and uninstall apps, restart devices to maintain operation, and steal data from sensitive applications.
Notably, the malware is capable of accessing data from WhatsApp, thereby copying login sessions to the attacker's device. The risk to financial applications is also a concern.
According to Google, Android devices updated from May 2021 onwards are largely immune to this attack. Conversely, older, unupdated devices and phones that have been compromised or had their systems tampered with are at the highest risk.
Signs that your device is infected with malware.
Users should be wary if their device exhibits symptoms such as unusual battery drain, spontaneous restarts, and apps disappearing or reinstalling themselves.
If you encounter these symptoms, you should immediately disconnect from the network and have your device checked.
To minimize risks, security experts recommend that Android users always update their operating system to the latest version, only install applications from reputable developers, and limit the use of outdated devices.
The NoVoice incident demonstrates that even mainstream platforms like Google Play are not entirely immune to sophisticated attack campaigns. In the context of increasingly sophisticated malware, user security awareness remains the most important line of defense.