NoVoice Android Malware - Steals WhatsApp Data via Apps

SC Media

Basically, NoVoice is malware hidden in Android apps that steals WhatsApp information from your phone.

Quick Summary

NoVoice malware has infiltrated Google Play, stealing WhatsApp data from millions. Users are at risk of account cloning. Immediate action is necessary to secure devices.

What Happened

A new Android malware, called NoVoice, has been discovered lurking in over 50 applications on Google Play. These apps, which include cleaners, image galleries, and games, have amassed at least 2.3 million downloads. They deceptively requested minimal permissions while providing their advertised features. However, once launched, the malware attempted to gain root access by exploiting vulnerabilities in older Android versions that were patched between 2016 and 2021.

How It Works

The NoVoice operation was identified by McAfee, which revealed that the malware hid its malicious components within the com.facebook.utils package, blending them with legitimate Facebook SDK classes. It utilized steganography to conceal an encrypted payload within a PNG file, which was then extracted and loaded into system memory. This clever tactic allowed the malware to avoid detection while it gathered device information and contacted a command-and-control server.
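For defenders triaging image assets pulled from a suspect APK, the sketch below is an added example (not code from McAfee or the original article) that walks a PNG's chunk list and reports bad CRCs, non-standard chunks, and high-entropy bytes after the IEND marker. The article does not say where in the PNG the payload sat, so checking these two carriers is an assumption, and both sample files are constructed inline.

```python
import hashlib
import math
import struct
import zlib
from collections import Counter

PNG_SIG = b"\x89PNG\r\n\x1a\n"
# Chunk types from the PNG specification; any other type is reported for review.
KNOWN = set(b"IHDR PLTE IDAT IEND tRNS gAMA cHRM sRGB iCCP tEXt zTXt iTXt "
            b"bKGD pHYs sBIT hIST tIME sPLT eXIf".split())

def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte; encrypted data sits close to 8."""
    n = len(data)
    return sum(c / n * math.log2(n / c) for c in Counter(data).values())

def triage_png(blob: bytes) -> list[str]:
    """Walk the chunk list; report bad CRCs, unknown chunks and bytes after IEND."""
    if not blob.startswith(PNG_SIG):
        return ["not a PNG"]
    findings, pos = [], len(PNG_SIG)
    while pos + 12 <= len(blob):
        length, ctype = struct.unpack(">I4s", blob[pos:pos + 8])
        end = pos + 12 + length          # length + type + body + CRC
        if end > len(blob):
            return findings + [f"truncated chunk {ctype!r} at offset {pos}"]
        body = blob[pos + 8:end - 4]
        if zlib.crc32(ctype + body) != struct.unpack(">I", blob[end - 4:end])[0]:
            findings.append(f"bad CRC in {ctype!r}")
        if ctype not in KNOWN:
            findings.append(f"unknown chunk {ctype!r}: {length} bytes, entropy {entropy(body):.2f}")
        pos = end
        if ctype == b"IEND":
            if blob[pos:]:
                findings.append(f"{len(blob) - pos} bytes after IEND, entropy {entropy(blob[pos:]):.2f}")
            return findings
    return findings + ["no IEND chunk"]

def chunk(ctype: bytes, body: bytes) -> bytes:  # builds one well-formed chunk for the samples
    return struct.pack(">I", len(body)) + ctype + body + struct.pack(">I", zlib.crc32(ctype + body))

# Constructed samples: a minimal 1x1 greyscale PNG, and the same file followed by
# 4096 hash-derived bytes standing in for an encrypted payload.
CLEAN = (PNG_SIG + chunk(b"IHDR", struct.pack(">IIBBBBB", 1, 1, 8, 0, 0, 0, 0))
         + chunk(b"IDAT", zlib.compress(b"\x00\x00")) + chunk(b"IEND", b""))
SUSPECT = CLEAN + b"".join(hashlib.sha256(bytes([i])).digest() for i in range(128))

if __name__ == "__main__":
    print({"clean": triage_png(CLEAN), "suspect": triage_png(SUSPECT)})
```

A finding here is a reason to look closer, not a verdict: some legitimate tools also leave trailing data or private chunks in PNG files.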

Who's Being Targeted

NoVoice primarily targets WhatsApp users by exfiltrating session data to clone user accounts. The malware employs various checks to avoid detection on devices in specific regions and to bypass emulators and VPNs. After gaining root access, it injects code into all launched apps, allowing it to manage applications silently and steal sensitive data.

Signs of Infection

Users may notice unusual behavior on their devices, such as unexpected app crashes or performance issues. If you downloaded any apps from Google Play that seem suspicious, your device may be compromised.

How to Protect Yourself

While Google has removed the malicious apps, users who downloaded them should take immediate action:

  • Update your Android device to a version with recent security patches, ideally post-May 2021.
  • Uninstall any suspicious apps and only download from trusted publishers in the future.
  • Consider performing a factory reset if you suspect your device has been compromised, but be aware that NoVoice employs persistence mechanisms to survive such resets.

Conclusion

The emergence of NoVoice underscores the ongoing challenges in mobile security, especially within official app stores. Users must remain vigilant and proactive in safeguarding their devices against such sophisticated threats.

🔒 Pro insight: The NoVoice malware's use of steganography and rootkit techniques highlights the evolving sophistication of mobile threats, necessitating enhanced user awareness and security measures.
