{"id":228046,"date":"2026-03-31T03:00:46","date_gmt":"2026-03-31T10:00:46","guid":{"rendered":"https:\/\/www.mcafee.com\/blogs\/?p=228046"},"modified":"2026-03-30T12:20:14","modified_gmt":"2026-03-30T19:20:14","slug":"operation-novoice-android-malware-mcafee-research","status":"publish","type":"post","link":"https:\/\/www.mcafee.com\/blogs\/internet-security\/operation-novoice-android-malware-mcafee-research\/","title":{"rendered":"Operation NoVoice: Android Malware Found in 50+ Apps Can Hijack Devices"},"content":{"rendered":"<p>McAfee\u2019s mobile research team has uncovered a large-scale Android malware campaign\u00a0we\u2019re\u00a0tracking as\u00a0Operation\u00a0NoVoice.<\/p>\n<p>The campaign was distributed through more than\u00a050 apps previously available on Google Play, disguised as everyday tools like cleaners, games, and photo utilities. Together, the apps were downloaded more than\u00a02.3 million times, though it\u2019s unclear how many devices may have been impacted.<\/p>\n<p>If the attack succeeds, the malware can gain\u00a0deep control of a device, allowing attackers to inject malicious code into apps as they are opened and access sensitive data.<\/p>\n<p><span data-contrast=\"auto\">However, the most serious impact depends on the device.<\/span><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335551550&quot;:0,&quot;335551620&quot;:0,&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">\u00a0<\/span><\/p>\n<p>On\u00a0older or unpatched Android devices, the malware can install a highly persistent form of infection that may survive a standard factory reset. Newer Android devices with up-to-date security protections are\u00a0not vulnerable to the root exploit observed in this campaign, though they may still be exposed to other types of malicious activity from these apps.<\/p>\n<p>In other words, on vulnerable devices, the malware can behave like a kind of\u00a0digital \u201czombie,\u201d\u00a0continuing to\u00a0operate\u00a0in the background even after a reset.<\/p>\n<p><span data-contrast=\"auto\">Want the full technical breakdown?\u00a0<\/span><a href=\"https:\/\/mcas-proxyweb.mcas.ms\/certificate-checker?login=false&amp;originalUrl=https%3A%2F%2Fwww.mcafee.com.mcas.ms%2Fblogs%2Fother-blogs%2Fmcafee-labs%2Foperation-novoic%E2%80%A6t-tells-no-tales%2F%3FMcasTsid%3D20892&amp;McasCSRF=2523f91618c87a85b66e7a4303ebc49b9eaa014e09a09d4bc1b75599a5704456\" target=\"_blank\" rel=\"noopener\"><span data-contrast=\"none\">Dive into the McAfee Labs research here.<\/span><\/a><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335551550&quot;:0,&quot;335551620&quot;:0,&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">\u00a0<\/span><\/p>\n<p><span data-contrast=\"auto\">We break down what you need to know below:<\/span><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335551550&quot;:0,&quot;335551620&quot;:0,&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">\u00a0<\/span><\/p>\n<h2 aria-level=\"2\"><span data-contrast=\"none\">How\u00a0&#8220;Operation\u00a0NoVoice&#8221; Works<\/span><span data-ccp-props=\"{&quot;134245418&quot;:true,&quot;134245529&quot;:true,&quot;335559738&quot;:160,&quot;335559739&quot;:80}\">\u00a0<\/span><\/h2>\n<p><span data-contrast=\"auto\">Operation\u00a0NoVoice\u00a0is what security experts call a\u00a0<\/span><b><span data-contrast=\"auto\">rootkit malware attack<\/span><\/b><span data-contrast=\"auto\">.<\/span><span data-ccp-props=\"{&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">\u00a0<\/span><\/p>\n<p><span data-contrast=\"auto\">A\u00a0<\/span><b><span data-contrast=\"auto\">rootkit<\/span><\/b><span data-contrast=\"auto\">\u00a0is a type of malware designed to gain deep, privileged control of a device while hiding its presence from the user and the operating system\u2019s normal security tools.<\/span><span data-ccp-props=\"{&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">\u00a0<\/span><\/p>\n<p><span data-contrast=\"auto\">Breaking the term down:<\/span><span data-ccp-props=\"{&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">\u00a0<\/span><\/p>\n<ul>\n<li><b><span data-contrast=\"auto\">\u201cRoot\u201d<\/span><\/b><span data-contrast=\"auto\">\u00a0refers to the highest level of access on a system (administrator-level control).<\/span><span data-ccp-props=\"{&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">\u00a0<\/span><\/li>\n<li><b><span data-contrast=\"auto\">\u201cKit\u201d<\/span><\/b><span data-contrast=\"auto\">\u00a0refers to a collection of tools used by an attacker to\u00a0maintain\u00a0that control.<\/span><span data-ccp-props=\"{&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">\u00a0<\/span><\/li>\n<\/ul>\n<p>Put simply, a rootkit allows attackers to\u00a0operate\u00a0underneath the normal apps and security protections on a phone, giving them powerful control while staying difficult to detect.<\/p>\n<p><span data-contrast=\"auto\">In the case of Operation\u00a0NoVoice, the attack unfolds in several steps.<\/span><span data-ccp-props=\"{&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">\u00a0<\/span><\/p>\n<h3><span data-contrast=\"none\">1) A normal-looking app starts the attack<\/span><\/h3>\n<p><span data-contrast=\"auto\">The campaign began\u00a0with apps that appeared\u00a0harmless on the Google Play Store. These apps advertised\u00a0themselves as tools like phone cleaners, puzzle games, or gallery utilities.<\/span><span data-ccp-props=\"{&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">\u00a0<\/span><\/p>\n<p><span data-contrast=\"auto\">When a user downloaded\u00a0and opened\u00a0one of these apps, it appeared\u00a0to work normally. There are no obvious signs\u00a0to the user that\u00a0anything is wrong.<\/span><span data-ccp-props=\"{&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">\u00a0<\/span><\/p>\n<h3><span data-contrast=\"none\">2) The malware quietly checks the device<\/span><\/h3>\n<p><span data-contrast=\"auto\">Behind the scenes, the app contacts a remote server controlled by the attackers.<\/span><span data-ccp-props=\"{&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">\u00a0<\/span><\/p>\n<p>The server collects information about the device,\u00a0things like its hardware, operating system version, and security patch level. Based on that information, the attackers send back\u00a0custom exploit code designed for that specific device.<\/p>\n<h3><span data-contrast=\"none\">3) The attack gains deep system access<\/span><\/h3>\n<p>If the exploit succeeds, the malware gains\u00a0root-level access\u00a0to the device.<\/p>\n<p><span data-contrast=\"auto\">At that point, the attackers can install\u00a0additional\u00a0malicious components and\u00a0modify\u00a0parts of the Android operating system itself.<\/span><span data-ccp-props=\"{&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">\u00a0<\/span><\/p>\n<h3><span data-contrast=\"none\">4) Every app on the phone can be affected<\/span><\/h3>\n<p><span data-contrast=\"auto\">Once the rootkit is installed, it\u00a0modifies\u00a0a core Android system library that every app relies on.<\/span><span data-ccp-props=\"{&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">\u00a0<\/span><\/p>\n<p><span data-contrast=\"auto\">This allows attacker-controlled code to run\u00a0<\/span><b><span data-contrast=\"auto\">inside any app the user opens<\/span><\/b><span data-contrast=\"auto\">.<\/span><span data-ccp-props=\"{&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">\u00a0<\/span><\/p>\n<p><span data-contrast=\"auto\">That means the attackers could potentially access data from messaging apps, financial apps, or social media apps without the user noticing.<\/span><span data-ccp-props=\"{&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">\u00a0<\/span><\/p>\n<h3><span data-contrast=\"none\">5) The malware can remain even after a reset<\/span><\/h3>\n<p><span data-contrast=\"auto\">Operation\u00a0NoVoice\u00a0also includes persistence mechanisms designed to keep the malware active.<\/span><span data-ccp-props=\"{&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">\u00a0<\/span><\/p>\n<p>In some cases,\u00a0the infection could\u00a0survive a standard factory reset, because the malicious components\u00a0modify\u00a0parts of the system software that resets typically do not replace.<\/p>\n<p>Fully removing the infection may require\u00a0reinstalling the device\u2019s firmware,\u00a0something most users cannot easily do themselves.<\/p>\n<p><strong>*To be clear, these apps have been removed from Google Play and are no longer available for download.\u00a0<\/strong><\/p>\n<h2 aria-level=\"2\"><span data-contrast=\"none\">Why\u00a0The\u00a0Name \u201cOperation\u00a0NoVoice\u201d<\/span><span data-ccp-props=\"{&quot;134245418&quot;:true,&quot;134245529&quot;:true,&quot;335559738&quot;:160,&quot;335559739&quot;:80}\">\u00a0<\/span><\/h2>\n<p><span data-contrast=\"auto\">The name Operation\u00a0NoVoice\u00a0comes from a hidden\u00a0component\u00a0inside the malware itself.<\/span><span data-ccp-props=\"{}\">\u00a0<\/span><\/p>\n<p><span data-contrast=\"auto\">Researchers discovered a resource\u00a0labeled\u00a0\u201cnovioce\u201d embedded in one of the attack\u2019s later stages. The file\u00a0contains\u00a0a silent audio track that plays at zero volume.<\/span><span data-ccp-props=\"{}\">\u00a0<\/span><\/p>\n<p><span data-contrast=\"auto\">This may seem strange, but it serves a purpose.<\/span><span data-ccp-props=\"{}\">\u00a0<\/span><\/p>\n<p><span data-contrast=\"auto\">By continuously playing silent audio in the background, the malware can keep a foreground service running without drawing attention. This allows the malicious code to remain active while appearing harmless to the operating system.<\/span><span data-ccp-props=\"{}\">\u00a0<\/span><\/p>\n<p><span data-contrast=\"auto\">The researchers believe the name \u201cnovioce\u201d is\u00a0likely a\u00a0misspelling of \u201cno voice,\u201d referring to the silent audio trick used to keep the malware running.<\/span><span data-ccp-props=\"{}\">\u00a0<\/span><\/p>\n<h2 aria-level=\"2\"><span data-contrast=\"none\">How To Stay Safe from Malware Disguised as Apps<\/span><span data-ccp-props=\"{&quot;134245418&quot;:true,&quot;134245529&quot;:true,&quot;335559738&quot;:160,&quot;335559739&quot;:80}\">\u00a0<\/span><\/h2>\n<p><span data-contrast=\"auto\">Operation\u00a0NoVoice\u00a0highlights an important reality: even apps that appear legitimate can sometimes hide malicious\u00a0behavior.<\/span><span data-ccp-props=\"{&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">\u00a0<\/span><\/p>\n<p><span data-contrast=\"auto\">Fortunately, there are several steps users can take to reduce their risk.<\/span><span data-ccp-props=\"{&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">\u00a0<\/span><\/p>\n<p aria-level=\"3\"><span data-contrast=\"none\">Be cautious with unfamiliar apps<\/span><span data-ccp-props=\"{&quot;134245418&quot;:true,&quot;134245529&quot;:true,&quot;335559738&quot;:160,&quot;335559739&quot;:80}\">\u00a0<\/span><\/p>\n<p><span data-contrast=\"auto\">Even if an app appears on the Google Play Store,\u00a0it\u2019s\u00a0still important to review:<\/span><span data-ccp-props=\"{&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">\u00a0<\/span><\/p>\n<ul>\n<li><span data-contrast=\"auto\">the developer\u2019s name<\/span><span data-ccp-props=\"{&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">\u00a0<\/span><\/li>\n<li><span data-contrast=\"auto\">the number of downloads<\/span><span data-ccp-props=\"{&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">\u00a0<\/span><\/li>\n<li><span data-contrast=\"auto\">recent user reviews\u00a0(check for negative reviews)<\/span><span data-ccp-props=\"{&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">\u00a0<\/span><\/li>\n<\/ul>\n<p><span data-contrast=\"auto\">Apps with very few reviews, vague descriptions, or suspicious developer accounts can sometimes be part of malware campaigns.\u00a0And exercise even\u00a0<\/span><i><span data-contrast=\"auto\">greater\u00a0<\/span><\/i><span data-contrast=\"auto\">caution with apps promoted through advertisements or that create a a sense of urgency.\u00a0<\/span><span data-ccp-props=\"{&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">\u00a0<\/span><\/p>\n<h3 aria-level=\"3\"><span data-contrast=\"none\">Keep your phone updated<\/span><span data-ccp-props=\"{&quot;134245418&quot;:true,&quot;134245529&quot;:true,&quot;335559738&quot;:160,&quot;335559739&quot;:80}\">\u00a0<\/span><\/h3>\n<p><span data-contrast=\"auto\">Many attacks rely on exploiting known vulnerabilities in older versions of Android.<\/span><span data-ccp-props=\"{&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">\u00a0<\/span><\/p>\n<p>Installing\u00a0system updates and security patches\u00a0helps reduce the chance that these exploits will work.<\/p>\n<h3 aria-level=\"3\"><span data-contrast=\"none\">Remove apps you\u00a0don\u2019t\u00a0recognize<\/span><span data-ccp-props=\"{&quot;134245418&quot;:true,&quot;134245529&quot;:true,&quot;335559738&quot;:160,&quot;335559739&quot;:80}\">\u00a0<\/span><\/h3>\n<p><span data-contrast=\"auto\">If you notice apps on your device that you\u00a0don\u2019t\u00a0remember installing, review them carefully and remove anything suspicious.<\/span><span data-ccp-props=\"{&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">\u00a0<\/span><\/p>\n<p><span data-contrast=\"auto\">Keeping your phone\u2019s app list clean reduces the potential attack surface.<\/span><span data-ccp-props=\"{&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">\u00a0<\/span><\/p>\n<h3 aria-level=\"3\"><span data-contrast=\"none\">Use mobile security protection<\/span><span data-ccp-props=\"{&quot;134245418&quot;:true,&quot;134245529&quot;:true,&quot;335559738&quot;:160,&quot;335559739&quot;:80}\">\u00a0<\/span><\/h3>\n<p><span data-contrast=\"auto\">Mobile security software can help detect suspicious\u00a0behavior\u00a0and block known malware.<\/span><span data-ccp-props=\"{&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">\u00a0<\/span><\/p>\n<p><span data-contrast=\"auto\">For example,\u00a0<\/span><a href=\"https:\/\/mcas-proxyweb.mcas.ms\/certificate-checker?login=false&amp;originalUrl=https%3A%2F%2Fwww.mcafee.com.mcas.ms%2Fen-us%2Fantivirus%2Fmobile.html%3FMcasTsid%3D20892&amp;McasCSRF=2523f91618c87a85b66e7a4303ebc49b9eaa014e09a09d4bc1b75599a5704456\" target=\"_blank\" rel=\"noopener\"><b><span data-contrast=\"none\">McAfee Mobile Security detects this threat<\/span><\/b><\/a><b><span data-contrast=\"auto\">\u00a0as Android\/NoVoice<\/span><\/b><span data-contrast=\"auto\">\u00a0and can warn users if a malicious app is\u00a0identified.\u00a0<\/span><span data-ccp-props=\"{&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">\u00a0<\/span><\/p>\n<p><span data-contrast=\"none\">McAfee offers more than traditional antivirus, combining multiple layers of digital protection in one app\u00a0<\/span><span data-ccp-props=\"{}\">\u00a0<\/span><\/p>\n<ul>\n<li><a href=\"https:\/\/mcas-proxyweb.mcas.ms\/certificate-checker?login=false&amp;originalUrl=https%3A%2F%2Fwww.mcafee.com.mcas.ms%2Fen-us%2Fscam-detector%2F%3FMcasTsid%3D20892&amp;McasCSRF=2523f91618c87a85b66e7a4303ebc49b9eaa014e09a09d4bc1b75599a5704456\" target=\"_blank\" rel=\"noopener\"><span data-contrast=\"none\">Scam Detector<\/span><\/a><span data-contrast=\"none\">\u00a0to help flag suspicious messages and links\u00a0<\/span><span data-ccp-props=\"{}\">\u00a0<\/span><\/li>\n<li><a href=\"https:\/\/mcas-proxyweb.mcas.ms\/certificate-checker?login=false&amp;originalUrl=https%3A%2F%2Fwww.mcafee.com.mcas.ms%2Flearn%2Fweb-protection%2F%3FMcasTsid%3D20892&amp;McasCSRF=2523f91618c87a85b66e7a4303ebc49b9eaa014e09a09d4bc1b75599a5704456\" target=\"_blank\" rel=\"noopener\"><span data-contrast=\"none\">Safe Browsing tools<\/span><\/a><span data-contrast=\"none\">\u00a0to help block risky websites\u00a0<\/span><span data-ccp-props=\"{}\">\u00a0<\/span><\/li>\n<li><a href=\"https:\/\/mcas-proxyweb.mcas.ms\/certificate-checker?login=false&amp;originalUrl=https%3A%2F%2Fwww.mcafee.com.mcas.ms%2Flearn%2Fvpn%2F%3FMcasTsid%3D20892&amp;McasCSRF=2523f91618c87a85b66e7a4303ebc49b9eaa014e09a09d4bc1b75599a5704456\" target=\"_blank\" rel=\"noopener\"><span data-contrast=\"none\">VPN<\/span><\/a><span data-contrast=\"none\">\u00a0to keep your connection private on public Wi-Fi\u00a0<\/span><span data-ccp-props=\"{}\">\u00a0<\/span><\/li>\n<li><a href=\"https:\/\/mcas-proxyweb.mcas.ms\/certificate-checker?login=false&amp;originalUrl=https%3A%2F%2Fwww.mcafee.com.mcas.ms%2Flearn%2Fidentity-monitoring%2F%3FMcasTsid%3D20892&amp;McasCSRF=2523f91618c87a85b66e7a4303ebc49b9eaa014e09a09d4bc1b75599a5704456\" target=\"_blank\" rel=\"noopener\"><span data-contrast=\"none\">Identity Monitoring and Alerts<\/span><\/a><span data-contrast=\"none\">\u00a0to\u00a0notify you\u00a0if your personal information appears where it\u00a0shouldn\u2019t\u00a0<\/span><span data-ccp-props=\"{}\">\u00a0<\/span><\/li>\n<li><a href=\"https:\/\/mcas-proxyweb.mcas.ms\/certificate-checker?login=false&amp;originalUrl=https%3A%2F%2Fwww.mcafee.com.mcas.ms%2Flearn%2Fpersonal-data-cleanup%2F%3FMcasTsid%3D20892&amp;McasCSRF=2523f91618c87a85b66e7a4303ebc49b9eaa014e09a09d4bc1b75599a5704456\" target=\"_blank\" rel=\"noopener\"><span data-contrast=\"none\">Personal Data Cleanup<\/span><\/a><span data-contrast=\"none\">\u00a0to help remove your information from high-risk data broker sites\u00a0<\/span><span data-ccp-props=\"{}\">\u00a0<\/span><\/li>\n<li><a href=\"https:\/\/mcas-proxyweb.mcas.ms\/certificate-checker?login=false&amp;originalUrl=https%3A%2F%2Fwww.mcafee.com.mcas.ms%2Fen-us%2Fantivirus.html%3FMcasTsid%3D20892&amp;McasCSRF=2523f91618c87a85b66e7a4303ebc49b9eaa014e09a09d4bc1b75599a5704456\" target=\"_blank\" rel=\"noopener\"><span data-contrast=\"none\">Device and Account Security<\/span><\/a><span data-contrast=\"none\">\u00a0to help protect the things you use most<\/span><span data-ccp-props=\"{}\">\u00a0<\/span><\/li>\n<\/ul>\n<h2 aria-level=\"2\"><span data-contrast=\"none\">What Operation\u00a0NoVoice\u00a0Tells Us About the Future of Mobile Threats<\/span><span data-ccp-props=\"{&quot;134245418&quot;:true,&quot;134245529&quot;:true,&quot;335559738&quot;:160,&quot;335559739&quot;:80}\">\u00a0<\/span><\/h2>\n<p><span data-contrast=\"auto\">Operation\u00a0NoVoice\u00a0highlights how mobile malware is evolving. Instead of obvious malicious apps, attackers are increasingly hiding their operations inside\u00a0<\/span>ordinary-looking tools distributed through legitimate app stores.<\/p>\n<p>What makes this campaign particularly concerning\u00a0isn\u2019t\u00a0just the number of downloads or the technical complexity.\u00a0It\u2019s\u00a0the way the malware combines several advanced techniques,\u00a0device-specific exploits, modular plugins, and deep system persistence,\u00a0into a single attack chain.<\/p>\n<p>That approach allows attackers to quietly turn an everyday app download into\u00a0long-term control of a device.<\/p>\n<p><span data-contrast=\"auto\">That\u2019s why keeping devices updated, reviewing apps carefully, and using mobile security protection are becoming increasingly important. As Operation NoVoice shows, today\u2019s malware isn\u2019t just trying to get onto devices; it\u2019s trying to stay there.<\/span><span data-ccp-props=\"{&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">\u00a0<\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>McAfee\u2019s mobile research team has uncovered a large-scale Android malware campaign\u00a0we\u2019re\u00a0tracking as\u00a0Operation\u00a0NoVoice. The campaign was distributed through more than\u00a050 apps&#8230;<\/p>\n","protected":false},"author":1440,"featured_media":194468,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[10667,10661,1838,8050],"tags":[],"coauthors":[16632],"class_list":["post-228046","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-security-news","category-internet-security","category-mobile-security","category-mcafee-news"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v25.4 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Operation NoVoice: Android Malware Found in 50+ Apps Can Hijack Devices | McAfee Blog<\/title>\n<meta name=\"description\" content=\"McAfee\u2019s mobile research team has uncovered a large-scale Android malware campaign\u00a0we\u2019re\u00a0tracking as\u00a0Operation\u00a0NoVoice. The campaign was distributed\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Operation NoVoice: Android Malware Found in 50+ Apps Can Hijack Devices | McAfee Blog\" \/>\n<meta property=\"og:description\" content=\"McAfee\u2019s mobile research team has uncovered a large-scale Android malware campaign\u00a0we\u2019re\u00a0tracking as\u00a0Operation\u00a0NoVoice. The campaign was distributed\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.mcafee.com\/blogs\/internet-security\/operation-novoice-android-malware-mcafee-research\/\" \/>\n<meta property=\"og:site_name\" content=\"McAfee Blog\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/McAfee\/\" \/>\n<meta property=\"article:published_time\" content=\"2026-03-31T10:00:46+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2017\/04\/300x200_Blog_061424-2.png\" \/>\n\t<meta property=\"og:image:width\" content=\"300\" \/>\n\t<meta property=\"og:image:height\" content=\"200\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"Brooke Seipel\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@McAfee\" \/>\n<meta name=\"twitter:site\" content=\"@McAfee\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Brooke Seipel\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"6 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/internet-security\/operation-novoice-android-malware-mcafee-research\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/internet-security\/operation-novoice-android-malware-mcafee-research\/\"},\"author\":{\"name\":\"Brooke Seipel\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#\/schema\/person\/e0177129df164a74082f47397af3e729\"},\"headline\":\"Operation NoVoice: Android Malware Found in 50+ Apps Can Hijack Devices\",\"datePublished\":\"2026-03-31T10:00:46+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/internet-security\/operation-novoice-android-malware-mcafee-research\/\"},\"wordCount\":1164,\"publisher\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/internet-security\/operation-novoice-android-malware-mcafee-research\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2017\/04\/300x200_Blog_061424-2.png\",\"articleSection\":[\"Security News\",\"Internet Security\",\"Mobile Security\",\"McAfee News\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/internet-security\/operation-novoice-android-malware-mcafee-research\/\",\"url\":\"https:\/\/www.mcafee.com\/blogs\/internet-security\/operation-novoice-android-malware-mcafee-research\/\",\"name\":\"Operation NoVoice: Android Malware Found in 50+ Apps Can Hijack Devices | McAfee Blog\",\"isPartOf\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/internet-security\/operation-novoice-android-malware-mcafee-research\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/internet-security\/operation-novoice-android-malware-mcafee-research\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2017\/04\/300x200_Blog_061424-2.png\",\"datePublished\":\"2026-03-31T10:00:46+00:00\",\"description\":\"McAfee\u2019s mobile research team has uncovered a large-scale Android malware campaign\u00a0we\u2019re\u00a0tracking as\u00a0Operation\u00a0NoVoice. The campaign was distributed\",\"breadcrumb\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/internet-security\/operation-novoice-android-malware-mcafee-research\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.mcafee.com\/blogs\/internet-security\/operation-novoice-android-malware-mcafee-research\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/internet-security\/operation-novoice-android-malware-mcafee-research\/#primaryimage\",\"url\":\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2017\/04\/300x200_Blog_061424-2.png\",\"contentUrl\":\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2017\/04\/300x200_Blog_061424-2.png\",\"width\":300,\"height\":200},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/internet-security\/operation-novoice-android-malware-mcafee-research\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Blog\",\"item\":\"https:\/\/www.mcafee.com\/blogs\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Internet Security\",\"item\":\"https:\/\/www.mcafee.com\/blogs\/internet-security\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Operation NoVoice: Android Malware Found in 50+ Apps Can Hijack Devices\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#website\",\"url\":\"https:\/\/www.mcafee.com\/blogs\/\",\"name\":\"McAfee Blog\",\"description\":\"Internet Security News\",\"publisher\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.mcafee.com\/blogs\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#organization\",\"name\":\"McAfee\",\"url\":\"https:\/\/www.mcafee.com\/blogs\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2023\/02\/mcafee-logo.png\",\"contentUrl\":\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2023\/02\/mcafee-logo.png\",\"width\":1286,\"height\":336,\"caption\":\"McAfee\"},\"image\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/McAfee\/\",\"https:\/\/x.com\/McAfee\",\"https:\/\/www.linkedin.com\/company\/mcafee\/\",\"https:\/\/www.youtube.com\/McAfee\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#\/schema\/person\/e0177129df164a74082f47397af3e729\",\"name\":\"Brooke Seipel\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#\/schema\/person\/image\/ac03c1083bbdcd2cbb0675dc29c62cbe\",\"url\":\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2025\/01\/1693283531327-96x96.jpg\",\"contentUrl\":\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2025\/01\/1693283531327-96x96.jpg\",\"caption\":\"Brooke Seipel\"},\"description\":\"Brooke Seipel is the Content Editor in Chief at McAfee, where she leads the company's content strategy with a focus on cybersecurity education. With a decade of experience in audience development and digital content, Brooke has a strong understanding of online audiences, emerging trends, and the evolving cyber landscape. Before joining McAfee, Brooke led audience teams and served as both a reporter and editor at numerous award-winning publications including Fortune, The Hill, International Business Times, New Republic, and The OC Register. Brooke is dedicated to providing insightful, actionable content that empowers readers to make informed decisions about their digital safety. When she's not immersed in the world of cybersecurity, you can find her scrolling social media endlessly, soaking up the latest trends, and also volunteering as a naturalist.\",\"url\":\"https:\/\/www.mcafee.com\/blogs\/author\/brooke-seipel\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Operation NoVoice: Android Malware Found in 50+ Apps Can Hijack Devices | McAfee Blog","description":"McAfee\u2019s mobile research team has uncovered a large-scale Android malware campaign\u00a0we\u2019re\u00a0tracking as\u00a0Operation\u00a0NoVoice. The campaign was distributed","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"og_locale":"en_US","og_type":"article","og_title":"Operation NoVoice: Android Malware Found in 50+ Apps Can Hijack Devices | McAfee Blog","og_description":"McAfee\u2019s mobile research team has uncovered a large-scale Android malware campaign\u00a0we\u2019re\u00a0tracking as\u00a0Operation\u00a0NoVoice. The campaign was distributed","og_url":"https:\/\/www.mcafee.com\/blogs\/internet-security\/operation-novoice-android-malware-mcafee-research\/","og_site_name":"McAfee Blog","article_publisher":"https:\/\/www.facebook.com\/McAfee\/","article_published_time":"2026-03-31T10:00:46+00:00","og_image":[{"width":300,"height":200,"url":"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2017\/04\/300x200_Blog_061424-2.png","type":"image\/png"}],"author":"Brooke Seipel","twitter_card":"summary_large_image","twitter_creator":"@McAfee","twitter_site":"@McAfee","twitter_misc":{"Written by":"Brooke Seipel","Est. reading time":"6 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.mcafee.com\/blogs\/internet-security\/operation-novoice-android-malware-mcafee-research\/#article","isPartOf":{"@id":"https:\/\/www.mcafee.com\/blogs\/internet-security\/operation-novoice-android-malware-mcafee-research\/"},"author":{"name":"Brooke Seipel","@id":"https:\/\/www.mcafee.com\/blogs\/#\/schema\/person\/e0177129df164a74082f47397af3e729"},"headline":"Operation NoVoice: Android Malware Found in 50+ Apps Can Hijack Devices","datePublished":"2026-03-31T10:00:46+00:00","mainEntityOfPage":{"@id":"https:\/\/www.mcafee.com\/blogs\/internet-security\/operation-novoice-android-malware-mcafee-research\/"},"wordCount":1164,"publisher":{"@id":"https:\/\/www.mcafee.com\/blogs\/#organization"},"image":{"@id":"https:\/\/www.mcafee.com\/blogs\/internet-security\/operation-novoice-android-malware-mcafee-research\/#primaryimage"},"thumbnailUrl":"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2017\/04\/300x200_Blog_061424-2.png","articleSection":["Security News","Internet Security","Mobile Security","McAfee News"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.mcafee.com\/blogs\/internet-security\/operation-novoice-android-malware-mcafee-research\/","url":"https:\/\/www.mcafee.com\/blogs\/internet-security\/operation-novoice-android-malware-mcafee-research\/","name":"Operation NoVoice: Android Malware Found in 50+ Apps Can Hijack Devices | McAfee Blog","isPartOf":{"@id":"https:\/\/www.mcafee.com\/blogs\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.mcafee.com\/blogs\/internet-security\/operation-novoice-android-malware-mcafee-research\/#primaryimage"},"image":{"@id":"https:\/\/www.mcafee.com\/blogs\/internet-security\/operation-novoice-android-malware-mcafee-research\/#primaryimage"},"thumbnailUrl":"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2017\/04\/300x200_Blog_061424-2.png","datePublished":"2026-03-31T10:00:46+00:00","description":"McAfee\u2019s mobile research team has uncovered a large-scale Android malware campaign\u00a0we\u2019re\u00a0tracking as\u00a0Operation\u00a0NoVoice. The campaign was distributed","breadcrumb":{"@id":"https:\/\/www.mcafee.com\/blogs\/internet-security\/operation-novoice-android-malware-mcafee-research\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.mcafee.com\/blogs\/internet-security\/operation-novoice-android-malware-mcafee-research\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.mcafee.com\/blogs\/internet-security\/operation-novoice-android-malware-mcafee-research\/#primaryimage","url":"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2017\/04\/300x200_Blog_061424-2.png","contentUrl":"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2017\/04\/300x200_Blog_061424-2.png","width":300,"height":200},{"@type":"BreadcrumbList","@id":"https:\/\/www.mcafee.com\/blogs\/internet-security\/operation-novoice-android-malware-mcafee-research\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Blog","item":"https:\/\/www.mcafee.com\/blogs\/"},{"@type":"ListItem","position":2,"name":"Internet Security","item":"https:\/\/www.mcafee.com\/blogs\/internet-security\/"},{"@type":"ListItem","position":3,"name":"Operation NoVoice: Android Malware Found in 50+ Apps Can Hijack Devices"}]},{"@type":"WebSite","@id":"https:\/\/www.mcafee.com\/blogs\/#website","url":"https:\/\/www.mcafee.com\/blogs\/","name":"McAfee Blog","description":"Internet Security News","publisher":{"@id":"https:\/\/www.mcafee.com\/blogs\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.mcafee.com\/blogs\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.mcafee.com\/blogs\/#organization","name":"McAfee","url":"https:\/\/www.mcafee.com\/blogs\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.mcafee.com\/blogs\/#\/schema\/logo\/image\/","url":"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2023\/02\/mcafee-logo.png","contentUrl":"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2023\/02\/mcafee-logo.png","width":1286,"height":336,"caption":"McAfee"},"image":{"@id":"https:\/\/www.mcafee.com\/blogs\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/McAfee\/","https:\/\/x.com\/McAfee","https:\/\/www.linkedin.com\/company\/mcafee\/","https:\/\/www.youtube.com\/McAfee"]},{"@type":"Person","@id":"https:\/\/www.mcafee.com\/blogs\/#\/schema\/person\/e0177129df164a74082f47397af3e729","name":"Brooke Seipel","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.mcafee.com\/blogs\/#\/schema\/person\/image\/ac03c1083bbdcd2cbb0675dc29c62cbe","url":"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2025\/01\/1693283531327-96x96.jpg","contentUrl":"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2025\/01\/1693283531327-96x96.jpg","caption":"Brooke Seipel"},"description":"Brooke Seipel is the Content Editor in Chief at McAfee, where she leads the company's content strategy with a focus on cybersecurity education. With a decade of experience in audience development and digital content, Brooke has a strong understanding of online audiences, emerging trends, and the evolving cyber landscape. Before joining McAfee, Brooke led audience teams and served as both a reporter and editor at numerous award-winning publications including Fortune, The Hill, International Business Times, New Republic, and The OC Register. Brooke is dedicated to providing insightful, actionable content that empowers readers to make informed decisions about their digital safety. When she's not immersed in the world of cybersecurity, you can find her scrolling social media endlessly, soaking up the latest trends, and also volunteering as a naturalist.","url":"https:\/\/www.mcafee.com\/blogs\/author\/brooke-seipel\/"}]}},"_links":{"self":[{"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/posts\/228046","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/users\/1440"}],"replies":[{"embeddable":true,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/comments?post=228046"}],"version-history":[{"count":3,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/posts\/228046\/revisions"}],"predecessor-version":[{"id":228049,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/posts\/228046\/revisions\/228049"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/media\/194468"}],"wp:attachment":[{"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/media?parent=228046"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/categories?post=228046"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/tags?post=228046"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/coauthors?post=228046"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}