APK

BetaBeacon
May 6, 2026
- ScarCruft, also known as APT37 or Reaper, is a North Korean espionage group targeting government, military organizations, and companies in Asia.
- BirdCall is a Windows backdoor attributed to ScarCruft, with spying capabilities such as taking screenshots and logging keystrokes.
- The Android version of BirdCall collects contacts, SMS messages, call logs, and media files, and was actively developed over several months.
- The BirdCall backdoor was discovered in a trojanized card game on a gaming platform tailored for ethnic Koreans living in Yanbian, China.
- The attack was likely aimed at collecting information on individuals from the Yanbian region deemed of interest to the North Korean regime, such as refugees or defectors.
BetaBeacon
May 5, 2026
ScarCruft compromised a video game platform in a supply chain attack, trojanizing its components with a backdoor called BirdCall to target ethnic Koreans residing in China. The attack enabled the threat actors to target both Windows and Android devices, turning it into a multi-platform threat. The campaign targeted sqgame[.]net, a gaming platform used by ethnic Koreans in China, known as a transit point for North Korean defectors. BirdCall has features like screenshot capture, keystroke logging, and data gathering, and relies on legitimate cloud services for command-and-control. The Android variant collects various data and has seen active development.
AppWizard
May 5, 2026
A fraud network called FEMITBOT has emerged, using Telegram's Mini App feature to conduct investment scams and distribute malware. Identified by the research firm CTM360, the network operates through API responses and presents itself as organized. The scams involve Telegram Mini Apps that display phishing pages, fake dashboards showing fictitious earnings, and urgency tactics to pressure users into making quick decisions. FEMITBOT mimics well-known brands like Apple and Coca-Cola to enhance credibility and disseminates Android malware disguised as legitimate applications. The operation is highly organized, utilizing marketing tools to optimize its scams. Users are warned to be cautious of bots requesting deposits before granting access to funds.
AppWizard
May 5, 2026
A North Korean hacking group has targeted a digital gaming platform popular among the Korean ethnic enclave in China, using a sophisticated strategy to infiltrate Android applications. Researchers from ESET discovered that an app on the platform contained a backdoor known as BirdCall, linked to North Korea. The official website for the gaming platform hosted the same suspicious APK file. A second Android file associated with another game on the same site was also found to contain the BirdCall backdoor. This supply-chain attack was attributed to the threat actor ScarCruft (APT37), active in Asia and extending into Europe and the Middle East since late 2024. The hackers likely compromised the web server to recompile original APKs with the backdoor, which can collect sensitive information such as contacts, SMS messages, call logs, documents, media files, and private keys, and can take screenshots and record audio. The malware disguises its command and control traffic among regular internet traffic, primarily using Zoho WorkDrive for operations.
AppWizard
May 4, 2026
Google Play is a primary platform for Android app distribution but poses challenges for developers of free and open-source software due to registration fees and a strict review process. As an alternative, users can install apps via APK files, which allow direct installation but come with security risks. F-Droid is a dedicated repository for free and open-source Android applications, offering built-in update notifications and support. To use F-Droid, users must manually install the app from its official website. After installation, users can navigate the interface to find and install apps, grant permissions for updates, and manage app installations, including enabling settings for unknown sources. F-Droid provides a user-friendly experience for locating and updating apps, ensuring that users have access to secure and regularly updated software.
AppWizard
April 30, 2026
Google is preparing to update the Gemini app for Wear OS with the "Gemini App UX 2.0," featuring animated gradient backgrounds and an enhanced user interface. A retail demo video has revealed a new glow animation and updated weather icons, although these features are not yet publicly available. The latest version of the Gemini app is v1.31.56.902760379. The new glow animation is designed to be more dynamic, and the updated weather icons aim to improve clarity and aesthetics. A full demo video showcases these upcoming changes, but they will remain unreleased until an official announcement, likely at the Google I/O event. An APK teardown suggests potential future features, though not all may be included in the final release.