APKs

AppWizard
February 19, 2026
Massiv is an Android banking Trojan that disguises itself as legitimate applications, primarily targeting users in southern Europe. It is distributed through side-loading and is capable of remote control over infected devices, enabling Device Takeover attacks that can lead to unauthorized banking transactions. Massiv often masquerades as IPTV applications to attract users seeking online television services. The malware employs overlay functionality to create deceptive screens, keylogging to capture sensitive information, and SMS/Push message interception. It can monitor applications on infected devices and present fake overlays to prompt users for sensitive data. Notably, it has targeted the Portuguese government application gov.pt and connects with Chave Móvel Digital, a digital authentication system, to access victims' banking accounts. Once it captures sensitive data, Massiv allows operators remote access to the device using Android’s AccessibilityService, facilitating real-time observation and manipulation of the user interface. It communicates over a WebSocket channel and supports screen streaming and UI-tree modes for enhanced control. Massiv's distribution includes malware droppers that initially do not contain malicious code but open a WebView to an IPTV website while the actual malware operates in the background. This tactic has increased in recent months, particularly in Spain, Portugal, France, and Turkey. Indicators of compromise include specific SHA-256 hashes and package names associated with the malware. The bot commands allow operators to perform various actions on the infected device, such as clicking coordinates, installing APKs, and showing overlays.
AppWizard
February 17, 2026
A sophisticated Android malware named Keenadu has been discovered embedded in the firmware of various device brands, compromising all installed applications and granting unrestricted control over infected devices. It employs multiple distribution methods, including compromised firmware images delivered over-the-air, access via backdoors, embedding in system applications, modified applications from unofficial channels, and infiltration through apps on Google Play. As of February 2026, Keenadu has been confirmed on approximately 13,000 devices, primarily in Russia, Japan, Germany, Brazil, and the Netherlands. The firmware-integrated variant remains dormant if the device's language or timezone is associated with China and ceases to function without the Google Play Store and Play Services. While currently focused on ad fraud, Keenadu has extensive capabilities for data theft and risky actions on compromised devices. A variant embedded in system applications has limited functionality but elevated privileges to install apps without user notification. The malware has been detected in the firmware of Android tablets from various manufacturers, including the Alldocube iPlay 50 mini Pro. Kaspersky has detailed how Keenadu compromises the libandroid_runtime.so component, making it difficult to remove with standard Android OS tools. Users are advised to seek clean firmware versions or consider replacing compromised devices with products from trusted vendors.
Winsage
January 31, 2026
The author transitioned from Windows to Mac and discovered macOS features like Spotlight Search, Hot Corners, a built-in file converter, and QuickLook, which enhanced their user experience. Upon returning to Windows, they sought alternatives and found the QuickLook app, which allows users to preview files by selecting them and pressing the space bar. QuickLook can be downloaded from the Microsoft Store and operates system-wide, enabling previews of various file types, including documents, images, media files, and compressed ZIP files. The app also allows basic modifications, such as editing text in Word documents and cropping images. QuickLook improves file browsing in Windows File Explorer and Open/Save dialog boxes and supports plugins for specialized file types.
BetaBeacon
January 7, 2026
The Play Store version 49.6.19-29 hints at a new feature that could revolutionize the way users interact with paid Android games. This feature would allow users to test premium games for free for a limited time, essentially turning them into timed demos without the need for additional apps or features.
AppWizard
January 4, 2026
Minecraft is a popular game that has been engaging players for over ten years, allowing for creativity and exploration. The term "Minecraft APK" refers to the Android Package Kit used to install the game on Android devices. Players may seek the APK for various reasons, such as lack of Google Play support on their device, using an Amazon Fire tablet, or wanting to reinstall the game after switching devices. However, downloading the APK from unofficial sources poses risks, including malware, compromised accounts, game crashes, bans from online servers, and legal issues, as Minecraft is a paid title developed by Mojang and owned by Microsoft. To obtain Minecraft on Android safely, players can use the Google Play Store, which is the recommended method, or the official Minecraft Trial available for free. Users of Amazon Fire tablets can download the game from the Amazon Appstore. Advanced users may need to manually install an APK from official channels, taking care when enabling and disabling the "Install unknown apps" setting. Players should avoid modded or cracked APKs, websites requiring surveys, and files demanding unrelated permissions to protect their devices and personal information. Minecraft on Android offers cross-play capabilities, regular updates, access to realms and online servers, and stable performance, making it a valuable mobile gaming option.
AppWizard
December 18, 2025
A new Android malware campaign has been launched by the North Korean threat actor Kimsuky, introducing a variant called DocSwap. This malware is distributed via QR codes on phishing websites that impersonate CJ Logistics. Attackers use QR codes and notification pop-ups to lure victims into downloading the malware, which decrypts an embedded APK and activates Remote Access Trojan (RAT) capabilities. The malicious app is disguised as a legitimate application to bypass Android's security measures. Victims are tricked into installing the app through smishing texts or phishing emails that mimic delivery companies. The app downloads an APK named "SecDelivery.apk," which then loads the malware. It requests permissions to access various device functions and registers a service that simulates an OTP authentication screen. The app connects to an attacker-controlled server, allowing execution of commands such as logging keystrokes, capturing audio, and gathering sensitive information. Additionally, two other malicious samples have been identified, disguised as a P2B Airdrop app and a trojanized version of the BYCOM VPN app. The campaign also includes phishing sites mimicking popular South Korean platforms to capture user credentials.