The NoVoice campaign distributed a kernel-level Android rootkit through more than 50 trojanized Google Play applications, accumulating approximately 2.3 million installs before removal; the rootkit targets WhatsApp by exfiltrating Signal Protocol session keys to enable full session cloning on attacker infrastructure. Devices on Android security patch levels dated May 2021 or earlier are reported to have no clean software-based recovery path, requiring device replacement. NOTE: Source quality for this item is 0.56 (secondary outlets); the install figure, CVE identifiers, and specific package names require validation against Android Security Bulletins or a primary research report before use in executive or board-level reporting. Organizations should audit managed Android device patch levels via MDM and flag any BYOD devices with access to corporate resources that cannot confirm current patch status.