APKs

AppWizard
June 8, 2026
New variants of the NFCShare Android malware are disguised as fake updates for legitimate banking applications and are targeting customers of various banks in Europe through a phishing campaign to steal sensitive payment card data. The malware prompts victims to place their cards near the NFC chip of their mobile devices, using Android’s IsoDep interface to read card information, including card number, type, expiry date, and a 4-digit PIN. The stolen data is exfiltrated to the attacker’s command-and-control host via a WebSocket channel. Recent attacks began on May 14, with victims directed to a phishing site that impersonates a legitimate bank and then to a GitHub repository hosting a malicious APK file. The repository has hosted 56 unique APKs impersonating banking applications primarily from Italy and Spain. The malware has evolved from initially targeting Deutsche Bank in Germany to a broader range of banks. The latest version features malformed APK packaging to complicate automated analysis. Users are advised to download banking applications only from Google Play and to be cautious of verification requests that ask for NFC card scans.
AppWizard
June 8, 2026
Google implemented new restrictions on the installation of applications from sources outside the Play Store. A poll by Android Authority found that 43% of 3,661 respondents regularly sideload applications, while just over a third reported doing so a few times. About 20% claimed they had never installed apps from outside the Play Store.
AppWizard
May 26, 2026
Morphe, an open-source app designed to enhance YouTube and YouTube Music, now allows users to create patches that remove advertisements from streaming services like Paramount Plus and Disney Plus on Android TV. Users can download official APKs or APK bundles, which Morphe modifies with custom patches. A community of users has emerged, utilizing AI tools to develop these patches, with one user sharing their experience of using Claude AI for coding assistance. The process involves downloading specific APK versions, applying patches, saving the modified APK, and transferring it to the Android TV device. While the patches disable ads during shows and movies, they do not provide free access to the services, and live content may still include ads. The community is also exploring patches for Peacock, but they are currently limited to mobile devices. Using modified APKs carries risks, including potential breaches of service terms and security vulnerabilities.
AppWizard
May 20, 2026
Google has introduced enhanced web-based AI tools in its AI Studio platform, allowing users to generate complete native Android applications from natural-language prompts. This process enables individuals without programming skills to create installable APKs in minutes. The Build mode accepts plain-English descriptions to construct comprehensive native Android projects, which can then be customized in Android Studio. The tools support integration with third-party APIs and Web3 SDKs, allowing AI-generated apps to interact with blockchain functionalities. This development offers opportunities for the cryptocurrency sector, enabling decentralized finance protocols or wallet providers to create lightweight companion apps without extensive engineering teams. The integration with the Android ecosystem positions Google to reshape competitive dynamics in mobile app development. However, there are security concerns regarding the AI-generated code, particularly related to vulnerabilities in rapidly generated mobile apps that interact with smart contracts.
AppWizard
May 20, 2026
Google has introduced a new "Build" mode in its web-based AI Studio, allowing users to generate complete native Android projects using plain-English prompts, resulting in importable source files and installable APKs in minutes. This feature is powered by Gemini 2.5 Pro and Gemini 3 Pro, and the generated projects are compatible with Android Studio. The tools support third-party APIs and Web3 SDKs for wallet functionalities and token transactions. YouTube tutorials are available to help developers build functional apps in real time. While this feature reduces prototyping friction, it raises considerations regarding code quality, security, and maintainability for developers.
AppWizard
May 12, 2026
Google announced significant security and privacy enhancements at the Android Show, including features in the upcoming Android 17. Users will have increased transparency regarding location access and can manage which apps track their location. New protections against banking scams and a "Mark as Lost" feature with biometric security will be introduced. A "temporary precise location" button will allow quick access to surroundings while preventing unwanted tracking. Live Threat Detection will receive an upgrade for 2026, focusing on harmful behaviors like SMS forwarding. Dynamic signal monitoring will alert users to suspicious app behavior. Improvements to the Advanced Protection program include USB Protection for all Pixel devices running Android 16 or higher and Intrusion Logging for all Android 16 devices with the December update. Chrome on Android will enhance Safe Browsing to analyze APKs for malware. The "Mark as Lost" feature will allow biometric locking of devices, hide Quick Settings, and disable new connections. Theft protections will be enabled by default in several countries, including Argentina, Chile, Colombia, Mexico, and the U.K.
BetaBeacon
May 6, 2026
- ScarCruft, also known as APT37 or Reaper, is a North Korean espionage group targeting government, military organizations, and companies in Asia.
- BirdCall is a Windows backdoor attributed to ScarCruft, with spying capabilities such as taking screenshots and logging keystrokes.
- The Android version of BirdCall collects contacts, SMS messages, call logs, and media files, and was actively developed over several months.
- The BirdCall backdoor was discovered in a trojanized card game on a gaming platform tailored for ethnic Koreans living in Yanbian, China.
- The attack was likely aimed at collecting information on individuals from the Yanbian region deemed of interest to the North Korean regime, such as refugees or defectors.
BetaBeacon
May 5, 2026
ScarCruft compromised a video game platform in a supply chain attack, trojanizing its components with a backdoor called BirdCall to target ethnic Koreans residing in China. The attack enabled the threat actors to target both Windows and Android devices, turning it into a multi-platform threat. The campaign targeted sqgame[.]net, a gaming platform used by ethnic Koreans in China, known as a transit point for North Korean defectors. BirdCall has features like screenshot capture, keystroke logging, and data gathering, and relies on legitimate cloud services for command-and-control. The Android variant collects various data and has seen active development.
BetaBeacon
May 5, 2026
APT37, also known as ScarCruft and Ricochet Chollima, has developed an Android version of the backdoor BirdCall, which serves as spyware in addition to a backdoor. The malware was delivered through a Chinese website that hosts games for Android, iOS, and Windows, targeting only Android and Windows systems. The Android variant of BirdCall has capabilities such as extracting IP geolocation information, collecting contact lists, call logs, SMS data, device information, taking screenshots, recording audio, and exfiltrating files. Users are advised to download software only from official marketplaces and trusted publisher sites to protect against malware infections.
AppWizard
May 5, 2026
A North Korean hacking group has targeted a digital gaming platform popular among the Korean ethnic enclave in China, using a sophisticated strategy to infiltrate Android applications. Researchers from ESET discovered that an app on the platform contained a backdoor known as BirdCall, linked to North Korea. The official website for the gaming platform hosted the same suspicious APK file. A second Android file associated with another game on the same site was also found to contain the BirdCall backdoor. This supply-chain attack was attributed to the threat actor ScarCruft (APT37), active in Asia and extending into Europe and the Middle East since late 2024. The hackers likely compromised the web server to recompile original APKs with the backdoor, which can collect sensitive information such as contacts, SMS messages, call logs, documents, media files, and private keys, and can take screenshots and record audio. The malware disguises its command and control traffic among regular internet traffic, primarily using Zoho WorkDrive for operations.