Jakarta, domclub Indonesia
—
Third party applications for
AndroidTV
, SmartTube, became a nest
malware
after which hackers can break into developers’ systems and distribute malicious updates to users.
The incident came to light after several users reported that Play Protect, Android’s built-in antivirus module, blocked SmartTube on their devices and warned about the risks.
ADVERTISEMENT
SCROLL TO CONTINUE WITH CONTENT
SmartTube developer Yuriy Yuliskov said his digital keys were hacked last weekend, resulting in the insertion of malware into the app.
Yuliskov revoked the old sign-in key and said he would soon publish a new version with a separate app ID, while encouraging users to switch to it.
SmartTube is one of the most downloaded YouTube third-party platforms for Android TV, Fire TV stick, Android TV box, and similar devices.
Its popularity is because this application is free, can block ads, and works well on devices with low specifications.
A user who reverse engineered the compromised SmartTube version number 30.51 discovered that the app contained
native libraries
hidden name libalphasdk.so [VirusTotal].This library is not contained in the public source code, so it is thought to be inserted into the release build.
“Probably malware. This file is not part of my project or any SDK I use. Its presence in the APK is unexpected and suspicious. I advise caution until its origin is verified,” Yuliskov said in a GitHub thread, quoted from
Bleeping Computer
,
Monday (1/12).
Libraries
it runs silently in the background without user interaction, fingerprinting the host device, registering it with a remote backend, and periodically sending metrics and fetching configurations over an encrypted communication channel.
All of this happens without any visual indication to the user.While there is no evidence of malicious activity such as account theft or participation in DDoS botnets, the risk of facilitating such activity remains high.
Although the developer announced on Telegram about the release of a safe and stable beta version, it has not yet reached the project’s official GitHub repository.
Additionally, the developers have not provided full details about what actually happened, which has raised trust issues in the community.
Furthermore, Yuliskov promised to address all concerns once the final release of the new app is published on the F-Droid store.
Until the developer transparently discloses all details publicly in a detailed post-incident report, users are advised to stick with older versions that are known to be safe, avoid logging in with premium accounts, and turn off automatic updates.
Affected users are also advised to reset their Google account passwords, check the account console for unauthorized access, and remove services they do not recognize.
At this time, it is unclear exactly when the breach occurred or which versions of SmartTube are safe to use.One user reported that Play Protect does not detect version 30.19, so it seems safe.
“Several older builds that appeared on GitHub were accidentally compromised due to malware that was on my development machine when they were created. As soon as I became aware of the problem in late November, I immediately wiped the system and cleaned the environment, including the GitHub repository,” explains Yuliskov.
“I became aware of the malware problem around version 30.47, but based on recent user reports, the problem started appearing around version 30.43. So, according to my understanding, the infected version is 30.43-30.47,” he added.
He said the new key will be applied for versions 30.55 and above.
“After cleaning the environment, some builds were released using the previous key (prepared on a clean system), but starting from version 30.55 onwards, I switched to the new key for full security. The hash difference for 30.47 Stable v7a was likely caused by an attempt to restore that build after cleaning the infected system,” he concluded.
(lom/dmi)
[Gambas:domclub Video]
Read More: Leopard Shark Stranded on Purworejo Beach, 4 Meters Length, Weight 1 Ton
Read More: MBG Kitchen’s Rp. 6 million incentive will be cut if it doesn’t comply with the SOP
