Operation NoVoice: Rootkit Tells No Tales

McAfee researchers detail the NoVoice Android rootkit campaign: malicious apps on Google Play (over 50 apps, ~2.3M downloads) profile devices and fetch tailored kernel exploits from C2 servers to gain root, disable SELinux, overwrite core system libraries, and inject attacker-controlled code into every app for persistent, factory-reset‑resistant control; the framework is modular, actively maintained, and observed exfiltrating WhatsApp session keys.