APK files Archives

AppWizard

March 25, 2026

Android app sideloading is about to get more complicated – Here’s what you’ll do

Google has updated the method for side-loading apps on Android devices to enhance user safety. Users must first enable Developer Mode in their settings. After this, they will be prompted to confirm if they are being guided through the process. There will be a delay before side-loading can begin, requiring a device reboot and a one-day waiting period to prevent scams. Users must then verify their identity using biometrics or a PIN. Finally, they can choose to enable side-loading for one week or permanently, with the latter option exempting them from future reauthorization.

AppWizard

March 20, 2026

Certified Android devices won’t let user sideload APK app files anymore, or at least it won’t be straightforward

Starting September 2026, Google will regulate the sideloading of apps through APK files on certified Android devices. Users will need to pay a fee, agree to terms and conditions, provide government identification, upload evidence of the developer's private signing key, and list all application identifiers. There are three methods for sideloading: 1. Sideloading from verified developers, requiring a verification process. 2. Sideloading from developers with limited distribution accounts, allowing sharing with up to 20 devices without ID or fees. 3. Sideloading from unverified developers, which involves enabling developer mode, confirming the user is not being scammed, restarting the phone, waiting 24 hours, and confirming identity through biometric authentication or device PIN. These changes aim to enhance security and reduce scams while still allowing some flexibility for developers.

AppWizard

February 24, 2026

Android mental health apps with 14.7M installs filled with security flaws

Recent analysis by Oversecured identified 1,575 security vulnerabilities across ten mental health mobile applications, which include 54 high-severity, 538 medium-severity, and 983 low-severity issues. These apps, with over 14.7 million downloads, assist users with conditions like clinical depression and anxiety. Vulnerabilities include improper handling of user-supplied URIs, weak local data storage practices, and cryptographically weak session token generation. Six of the ten apps had no high-severity vulnerabilities, but medium-severity issues still pose risks to user privacy. The scans were conducted between January 22 and 23, 2026, and only four apps had received recent updates.

AppWizard

February 19, 2026

Fake IPTV Apps Spread Massiv Android Malware Targeting Mobile Banking Users

Cybersecurity researchers have identified a new Android trojan named Massiv, designed for device takeover attacks targeting financial theft. It disguises itself as IPTV applications and poses risks to mobile banking users by allowing operators to remotely control infected devices for fraudulent transactions. The malware was first detected in campaigns targeting users in Portugal and Greece, with features including screen streaming, keylogging, SMS interception, and fake overlays for credential theft. One campaign specifically targeted the gov.pt application to deceive users into providing sensitive information. Massiv can execute various malicious actions, such as altering device settings, sending device information, and downloading malicious files. It is distributed through dropper applications that mimic IPTV services, often via SMS phishing. The malware operates in the background while the dropper appears as a legitimate app. Recent campaigns have focused on regions like Spain, Portugal, France, and Turkey, indicating a growing threat landscape. The operators of Massiv are developing it further, suggesting intentions to offer it as a Malware-as-a-Service.

Tech Optimizer

February 18, 2026

Fake Antivirus Program Threatens Android Phones and Steals Data – Jordan News | Latest News from Jordan, MENA

Cybersecurity experts have identified a malicious campaign targeting Android users through a counterfeit antivirus application called TrustBastion. This app serves as a vehicle for distributing malware that steals personal and banking information and provides attackers with remote access to infected devices. TrustBastion has been found on Hugging Face, complicating detection for users. The app masquerades as a legitimate security tool, prompting users to install a “necessary update” that contains malicious code. Once activated, the malware captures screenshots, displays fake login pages for financial services, and records sensitive information, which is sent to the hackers' servers. Attackers frequently re-upload modified versions of the app, maintaining its harmful functionality. Users are advised to download apps only from official stores, review ratings, and avoid untrusted APK files. Installing reputable antivirus solutions and activating Google Play Protect is recommended for enhanced security.

AppWizard

February 17, 2026

New Keenadu backdoor found in Android firmware, Google Play apps

A sophisticated Android malware named Keenadu has been discovered embedded in the firmware of various device brands, compromising all installed applications and granting unrestricted control over infected devices. It employs multiple distribution methods, including compromised firmware images delivered over-the-air, access via backdoors, embedding in system applications, modified applications from unofficial channels, and infiltration through apps on Google Play. As of February 2026, Keenadu has been confirmed on approximately 13,000 devices, primarily in Russia, Japan, Germany, Brazil, and the Netherlands. The firmware-integrated variant remains dormant if the device's language or timezone is associated with China and ceases to function without the Google Play Store and Play Services. While currently focused on ad fraud, Keenadu has extensive capabilities for data theft and risky actions on compromised devices. A variant embedded in system applications has limited functionality but elevated privileges to install apps without user notification. The malware has been detected in the firmware of Android tablets from various manufacturers, including the Alldocube iPlay 50 mini Pro. Kaspersky has detailed how Keenadu compromises the libandroid_runtime.so component, making it difficult to remove with standard Android OS tools. Users are advised to seek clean firmware versions or consider replacing compromised devices with products from trusted vendors.

BetaBeacon

February 10, 2026

Download Google Play Store (free) for Android, APK and Web App

The Google Play Store is essential for Android users to access a wide collection of trusted and regularly updated applications.

AppWizard

January 30, 2026

Hugging Face AI platform used to deliver Android malware via fake apps: don’t fall for this

Hackers are exploiting the Hugging Face AI platform to distribute Android malware through a counterfeit application. The malware, identified by cybersecurity firm Bitdefender, first appeared in an application named TrustBastion. Hugging Face lacks robust filtering mechanisms to regulate user-uploaded content, raising security concerns. Users are advised to download apps only from reputable sources, read reviews, check download numbers and ratings, avoid sideloading APK files, verify publishers and URLs, and regularly scan their devices with Play Protect and antivirus applications.

AppWizard

January 15, 2026

APKPure Strengthens Multi-Layer Security Framework to Enhance Protection for Android App Downloads

APKPure has enhanced its multi-layer security framework to improve user protection against security threats. Each app submitted undergoes a thorough human review process, including developer identity verification and compliance checks. APKPure distributes only original APK files signed by verified developers, matching signatures to official releases. The platform conducts regular scans using VirusTotal and collaborates with developers to ensure authorized app distribution. APKPure regularly audits listed apps and responds quickly to security alerts or DMCA reports. It offers two platforms: APKPure Official for a comprehensive experience and APKPure Lite for optimized downloads. Both platforms share the same verified app library and security measures, supporting over 200 regions and 23 languages.

AppWizard

December 25, 2025

Android Malware Operations Merge Droppers, SMS Theft, and RAT Capabilities at Scale

Threat actors in Uzbekistan are increasingly using sophisticated tactics to target mobile users, specifically through malicious dropper applications that appear as legitimate software. A recent analysis by Group-IB identified an Android SMS stealer called Wonderland, which was previously known as WretchedCat. Unlike traditional Trojan APKs that activate malware immediately upon installation, Wonderland utilizes droppers that activate malicious payloads locally after installation, even without an internet connection. Wonderland enables bidirectional command-and-control communication, allowing real-time execution of commands, including SMS theft and USSD requests. It disguises itself as Google Play or various file formats to evade detection. The financially motivated group behind this malware, TrickyWonders, uses Telegram for coordination and was first detected in November 2023. Wonderland is associated with two dropper families: MidnightDat and RoundRift. Propagation methods for Wonderland include counterfeit Google Play Store pages, Facebook ads, and fake accounts on dating apps. Attackers exploit stolen Telegram sessions from Uzbek users to distribute APK files. Once installed, Wonderland can access SMS messages, intercept one-time passwords, and siphon funds from victims' bank accounts. It can also retrieve phone numbers, exfiltrate contact lists, suppress security alerts, and send SMS messages from compromised devices. Users must enable installations from unknown sources to sideload the app, often misled by a fake update screen. If granted permissions, attackers can hijack the phone number and log into the associated Telegram account, perpetuating the malware's spread. Wonderland represents a significant evolution in mobile malware in Uzbekistan, moving from basic malware like Ajina.Banker to more sophisticated variants like Qwizzserial. The use of dropper applications enhances its deceptive nature, allowing it to evade security checks. Both the dropper and SMS stealer components are heavily obfuscated, complicating reverse engineering. The supporting infrastructure for Wonderland is dynamic, with rapidly changing domains complicating monitoring efforts. Malicious APKs are generated through a Telegram bot and distributed by a network of threat actors. New strains of malware, such as Cellik, Frogblight, and NexusRoute, have also emerged, each capable of harvesting sensitive information from compromised devices.