The news: Two parallel threat reports confirm a sharp concentration of malware targeting Android and iOS mobile ecosystems. 

• Google’s Play Store hosted 50 infected apps, which have been downloaded 2,300,000 times as of March 30, 2026 using “NoVoice” rootkit malware, per Forbes.
• Apple's iPhones faced a threat called 'DarkSword'—a series of six security holes that worked together, allowing a hacker to take over devices when users visited a single website. The exploit was patched as of April 1, 2026, per Malwarebytes.

Google pulled the 50 infected apps and activated Play Protect to scrub them from devices, while Apple rushed out emergency patches to older and newer devices alike.

Zooming in: Both the Android and iOS examples reflect an emerging trend: Phones are becoming the prime targets for criminals looking to steal personal data, spy on users, and take control of their systems.

The threat on Android: On Android phones, the NoVoice malware hides inside harmless-looking apps like photo galleries, games, or battery savers. 

• Once installed, it quietly tries to break into the phone's core system. If successful, a hacker can remotely access company emails, steal login credentials, and monitor every app a target opens. 
• For a business, this could mean leaked client data, stolen financial records, or a hacker moving from an employee's phone into the corporate network.

The threat on iPhones: On iPhones, the DarkSword exploit requires even less from the user. Just visiting a website—perhaps through a news link or a sponsored ad—can trigger the attack with no tapping, downloading, or warning signs. 

• Once inside, a hacker could read internal Slack messages, access VPN configurations, or record sensitive meetings through the phone's microphone. 
• For a company, this could mean trade secrets exposed, executive communications intercepted, or a backdoor planted into the entire IT system.

What brands should do: Require updated devices, educate employees to stop ignoring update prompts, and treat every phone as a potential entry point to your corporate network—because Google and Apple can patch the problem, but they can't force users to install those patches.

This content is part of EMARKETER’s subscription Briefings, where we pair daily updates with data and analysis from forecasts and research reports. Our Briefings prepare you to start your day informed, to provide critical insights in an important meeting, and to understand the context of what’s happening in your industry. Non-clients can click here to get a demo of our full platform and coverage.