'NoVoice' Android Malware Hidden in 50+ Google Play Apps Infected 2.3 Million Devices

A new Android malware called NoVoice was discovered concealed within more than 50 applications on Google Play, where it accumulated at least 2.3 million downloads before being identified, BleepingComputer reported Wednesday. The malware evaded Google Play's security screening by hiding its malicious functionality within apps that appeared legitimate, a technique that has become increasingly common among threat actors targeting mobile platforms. NoVoice's name likely refers to its design goal of operating silently on infected devices without triggering user awareness. BleepingComputer did not immediately publish full technical details of what NoVoice does once installed, which is consistent with responsible disclosure practices that allow users time to update before attackers can optimize their campaigns based on published analysis. The scale of the infection -- 2.3 million devices across 50 or more applications -- places NoVoice among the larger Google Play malware campaigns discovered in recent years. Google Play has faced persistent criticism for the difficulty of keeping sophisticated malware off its platform, even as the company has invested in automated and human review processes. Android's open ecosystem, which allows sideloading and third-party app stores in addition to Google Play, creates a larger attack surface than Apple's iOS. However, the NoVoice campaign's reliance on the official Play Store indicates attackers have developed techniques to pass Google's vetting. Users who have downloaded apps from Google Play in recent months are advised to review installed applications and run a security scan. BleepingComputer reported the NoVoice discovery on April 1, 2026.