Researchers find 50 ‘dangerous’ Android apps that are secretly hijacking phones: Who is at risk

https://timesofindia.indiatimes.com/technology/tech-news/researchers-find-50-dangerous-android-apps-that-are-secretly-hijacking-phones-who-is-at-risk/articleshow/130070852.cms

Publish Date: 2026-04-06 21:40:00

Source Domain: timesofindia.indiatimes.com

If you have downloaded a phone cleaner, a puzzle game or a photo utility from the Google Play Store in recent months, there is a chance your device may have been hacked. Researchers from cybersecurity company McAfee have claimed that they uncovered a sophisticated Android malware campaign that had been hiding inside more than 50 apps available on Google Play. Together, those apps, which have now been removed from the Android app store, were downloaded more than 2.3 million times before being taken down, the company said.

How the attack worked

Called Operation NoVoice, the campaign involves apps that look and behave completely normally, but security experts classify it as a rootkit attack, one of the most dangerous and difficult-to-detect forms of malware. A rootkit is designed to burrow deep into a device’s operating system, granting attackers administrator-level control while hiding all traces of its presence from the user and the phone’s standard security tools.

When a user downloaded one of the affected apps, it appeared to function exactly as advertised, such as cleaning junk files, running games and/or managing photos. There were no warning signs. Behind the scenes, however, the app was quietly contacting a remote server controlled by the attackers, sending back details about the device including its hardware, operating system version and security patch level.

Based on that information, the attackers sent back custom exploit code tailored specifically to that particular device. If the exploit succeeded, the malware gained root-level access, which is the maximum level of control possible on an Android device. From there, it modified a core Android system library that every app on the phone relies on. The result: attacker-controlled code could run silently inside any app the user opened.

While most malware can be removed by performing a factory reset, Operation NoVoice was designed to survive one. Fully removing it, McAfee warns, may require…
