Dangerous "NoVoice" Malware Found In Over 50 Play Store Apps That Were Installed 2.3 Million Times

Dangerous “NoVoice” malware found in over 50 Play Store apps that were installed 2.3 million times

Last updated: 2026/04/06 at 12:38 AM

News Room Published 6 April 2026

A new dangerous malware attack called “NoVoice” has been discovered and was mentioned in a new report in “Bleeping Computer.” The malware was found as payload in more than 50 apps listed in the Google Play Store. The report says that these apps were installed a total of 2.3 million times from Google’s Android app storefront. Employees at cybersecurity researcher McAfee discovered “NoVoice” and found it inside various apps such as system cleaners, games, and image galleries.

The most innocent apps contain the most dangerous payloads

That’s how attackers get you. Hiding malware inside what appears to be an innocent and useful app leads Android users to install the app. Once installed, the malware delivered as the payload exploits any Android vulnerabilities in an attempt to get root access. Not only will this lead the attackers to pick up information including usernames and passwords for your financial services apps, the malware can help install and delete apps onto your phone without your knowledge.

In some cases, part of the malware is installed in such a way that even performing a factory reset won’t completely eliminate it from your device. When it comes to “NoVoice,” things aren’t as bleak as they seems. Google told Bleeping Computer that Android devices updated since May 2021 are protected. Even my Pixel 6 Pro, released in October 2021, has been updated as recently as this year, giving it protection from the attack.

How you can tell which country the attackers are from

McAfee found that in certain regions, such as Beijing and Shenzhen in China, the malware failed to infect devices. This certainly gives you an idea about which country the attack was developed in. It allows the perpetrators to stay clear of domestic law enforcement.

In a statement, Google said that Google Play Protect automatically removed the malicious apps and blocked new installations. Google also said that Android users should always download the latest security update released for their devices.

As an added layer of defense, Google Play Protect automatically removes these apps and blocks new iinstallations. Users should always install the latest security updates available for their device.

Google

Unfortunately, Bleeping Computer didn’t name the more than 50 apps involved. It did include an image of the Play Store listing of an app called SwiftClean, which it says carried the NoVoice payload. The developer was Biodun Popoola. The malware gets its name from a silent audio file found in the code that plays at no volume in order to have the malicious code run in the background without getting detected by the user. To avoid malware like this, only install Android apps from the Google Play Store and also make sure to always update your phone.

Get Visible as low as $20/mo for 1 year. Limited time offer with code: FRESHSTART

Offer Ends 6.1.2026 at 11.59pm ET. New members get $5/mo off the $25/mg Visible plan, $35/mo Visible+ plan, or $45/mo Visible+ Pro plan for the first 12 months. Promo code FRESHSTART required at checkout.

Buy at Visible