NoVoice Malware Discovered in 50 Google Play Apps, Affecting 2.3 M Downloads
What Happened — Security researchers identified the “NoVoice” Android malware embedded in 50 separate apps hosted on Google Play. The malicious code evaded Google’s automated scans and was installed on devices running outdated Android versions, accumulating roughly 2.3 million downloads before removal.
Why It Matters for TPRM —
- Mobile‑app supply‑chain attacks can compromise employee devices that access corporate data.
- Out‑of‑date device baselines increase the attack surface for third‑party software.
- Google Play’s vetting failures highlight the need for independent app‑risk assessments.
Who Is Affected — Consumer Android users, enterprises with BYOD programs, Mobile Device Management (MDM) providers, and any organization that permits third‑party Android apps on corporate devices.
Recommended Actions —
- Review and tighten BYOD and app‑allowance policies.
- Enforce minimum Android version and patch‑level requirements.
- Deploy an additional layer of mobile threat defense that scans installed apps for known malware signatures.
- Conduct periodic third‑party app risk assessments for any apps distributed via public stores.
Technical Notes — The NoVoice payload is delivered as a hidden library that activates on devices lacking recent security patches. It exfiltrates audio recordings and device identifiers, then attempts to install additional ad‑ware components. No public CVE is associated; the attack relies on social engineering and outdated OS libraries. Source: TechRepublic Security