Researchers from McAfee Labs published a report and warning after discovering that no fewer than 50 Android apps available on the Google Play Store were infected with malware that could ultimately enable full remote access to the smartphone if successfully exploited. Between them, these apps had been downloaded more than 2.3 million times.
Google has, however, assured me that users have nothing to worry about as devices have been protected against the vulnerabilities exploited by the malware since 2021.
The malware in question, though, is a new one, NoVoice, and the infected apps range from image galleries to games and system utilities. Here’s what you need to know.
MORE FROM FORBESGoogle Issues Zero-Day Attack Alert For 3.5 Billion Chrome UsersBy Davey Winder
Android security threats are not, sadly, uncommon. I have reported on everything from firmware backdoors to a 60-second Android smartphone hack already this year. Android malware, however, is almost certainly the greatest security threat to your smartphone. Which is why, when a leading cybersecurity vendor such as McAfee publishes a warning regarding 50 Android apps available on the Google Play Store, downloaded more than 2 million times and infected with a nasty new malware threat, I tend to take notice.
The warning, by way of a McAfee Labs report titled Operation NoVoice: Rootkit Tells No Tales, authored by Ahmad Zubair Zahid from McAfee’s mobile research team, said that while appearing to function normally, “in the background, however, the app contacts a remote server, profiles the device, and downloads root exploits tailored to that device’s specific hardware and software.” The payload, if the exploit were successful (and more on that very important point momentarily), would be the threat actor gaining full control of the device and “from that moment onward,” every app that the user opens would be “injected with attacker‑controlled code,” McAfee said.
Yeah, sounds really nasty, but here comes the there’s-a-catch bit. “The malware described in this blog relies on vulnerabilities Android made patches available for in 2016 – 2021,” Zahid admitted. And that, dear reader, means that if your smartphone has an Android security patch level of 2021-05-01 or higher, it is not “susceptible to the exploits that we were able to obtain from the command-and-control server,” according to the McAfee report. Zahid did note, it must be said, that “patched devices that downloaded these apps could have been exposed to unknown potential payloads outside of what we discovered.”
But still, if you ask me, this all sounds like something of a storm in a cyber teacup. And, as it turns out, if you ask Google, as I did.
A Google spokesperson issued the following response when I approached the company for comment: “Android addressed the vulnerabilities this malware relies on in security updates years ago, so if your device has been updated since May 2021, it’s been protected. As an added layer of defense, Google Play Protect automatically removes these apps and blocks new installs. Users should always install the latest security updates available for their device.”
MORE FROM FORBESNew Gmail Email Address Update Alert—Protect Your Google Account NowBy Davey Winder
This article was originally published on Forbes.com
