'This rootkit is highly persistent; a standard factory reset will not remove it': "NoVoice" Android malware on Google Play infects 50 apps across 2.3 million devices, here's what we know
Date:
Thu, 02 Apr 2026 16:25:00 +0000
Description:
NoVoice can clone people's WhatsApp accounts on different devices, experts warn.
FULL STORY ======================================================================
- McAfee uncovers NoVoice malware hidden in 50+ Google Play apps with 2.3 million downloads
- Malware exploits old Android kernel and GPU flaws, persists even after factory reset
- Injects code into apps like WhatsApp to hijack sessions; Google has removed apps but infected devices remain compromised
Millions of Android devices were infected with malware spying on their WhatsApp chats that even a factory reset wouldn't wipe, experts have warned.
Researchers at McAfee have published an in-depth report on NoVoice, a new Android malware variant found in more than 50 apps hosted on the Google Play store, downloaded more than 2.3 million times combined. Usually, Google is quite good at preventing criminals from smuggling malware onto the platform, but every now and then, something makes it through.
Cloning WhatsApp sessions
This time around, it was a group of around 50 apps that worked as intended and did not require excessive permissions, such as Accessibility, which are the usual red flags. These apps were built in different categories, including utility apps, image galleries, and games.
Instead of tricking users into sharing broad permissions, the apps tried to leverage almost two dozen different vulnerabilities, including use-after-free kernel bugs and Mali GPU driver flaws, all of which were patched between 2016 and 2021.
That means that the attackers were going for older devices that their owners don't update or otherwise maintain.
The malware would first collect device information from infected Androids, such as hardware details, kernel version, and Android version. After that, it would receive further instructions, including a stage-two exploit strategy.
Two things stand out: the way it establishes persistence, and what it does afterwards. Among other things, the malware installs recovery scripts that replace the system crash handler and store fallback payloads on the system partition. That way, when a user does a factory reset, the malware still persists.
After establishing persistence, it injects malicious code into every app launched on the device. McAfee singled out WhatsApp, saying that the malware pulls sensitive data needed to replicate the victim's session, thus allowing the attackers to clone the victim's WhatsApp account on their own device.
Google says it has now removed all of the malicious apps, but until users do the same on their devices, they will remain compromised.
======================================================================
Link to news story:
https://www.techradar.com/pro/security/this-rootkit-is-highly-persistent-a-standard-factory-reset-will-not-remove-it-novoice-android-malware-on-google-play-infects-50-apps-across-2-3-million-devices-heres-what-we-know
--- Mystic BBS v1.12 A49 (Linux/64)
* Origin: tqwNet Technology News (1337:1/100)