More than 50 applications containing the "NoVoice" virus have been identified on the "Google Play" store. Experts state that these malicious programs have been downloaded a total of more than 2.3 million times. The virus primarily spread in the form of photo galleries, games, and system cleaning programs, and is notable for not requesting suspicious permissions from the user. 3dnews.ru reports on this.
Experts from "McAfee" company have studied the operating mechanism of this virus. It was revealed that once "NoVoice" is installed on a device, it attempts to gain root privileges by exploiting old vulnerabilities in the "Android" system. The malicious components are hidden among "Facebook" SDK classes; after being loaded into the system memory, it deletes all intermediate files and erases its tracks.
The primary objective of the virus is to steal users' personal data. Specifically, it captures sensitive information from the "WhatsApp" messenger, encryption keys, and backup copies on "Google Drive". This allows criminals to clone other people's accounts onto their own devices. Furthermore, because the virus modifies system libraries, resetting the device to factory settings does not guarantee its complete removal.
"Google" representatives stated that devices with security updates released after May 2021 installed are protected from this threat. Currently, all malicious applications have been removed from the store, and the "Google Play Protect" system is automatically blocking them. Experts recommend that users regularly install system updates.
Read “Zamin” on Telegram!
