APKs Archives

BetaBeacon

May 5, 2026

ScarCruft hackers push BirdCall Android malware via game platform

APT37, also known as ScarCruft and Ricochet Chollima, has developed an Android version of the backdoor BirdCall, which serves as spyware in addition to a backdoor. The malware was delivered through a Chinese website that hosts games for Android, iOS, and Windows, targeting only Android and Windows systems. The Android variant of BirdCall has capabilities such as extracting IP geolocation information, collecting contact lists, call logs, SMS data, device information, taking screenshots, recording audio, and exfiltrating files. Users are advised to download software only from official marketplaces and trusted publisher sites to protect against malware infections.

AppWizard

May 5, 2026

North Koreans Spy on Defectors Via Android Game Apps

A North Korean hacking group has targeted a digital gaming platform popular among the Korean ethnic enclave in China, using a sophisticated strategy to infiltrate Android applications. Researchers from Eset discovered that an app on the platform contained a backdoor known as BirdCall, linked to North Korea. The official website for the gaming platform hosted the same suspicious APK file. A second Android file associated with another game on the same site was also found to contain the BirdCall backdoor. This supply-chain attack was attributed to the threat actor ScarCruft (APT37), active in Asia and extending into Europe and the Middle East since late 2024. The hackers likely compromised the web server to recompile original APKs with the backdoor, which can collect sensitive information such as contacts, SMS messages, call logs, documents, media files, and private keys, and can take screenshots and record audio. The malware disguises its command and control traffic among regular internet traffic, primarily using Zoho WorkDrive for operations.

AppWizard

May 3, 2026

Telegram Mini Apps abused for crypto scams, Android malware delivery

Cybersecurity researchers have identified a fraud operation named FEMITBOT that exploits Telegram’s Mini App feature to conduct various crypto scams, impersonate reputable brands, and distribute Android malware. This operation uses a unique string in API responses and employs Telegram bots with embedded Mini Apps to create convincing app-like experiences. The scams include fraudulent cryptocurrency platforms and financial services, with impersonation of brands like Apple, Coca-Cola, Disney, eBay, IBM, Moon Pay, NVIDIA, and YouKu. The operation utilizes a shared backend infrastructure, allowing multiple phishing domains to use the same API response. Users interacting with the bots are shown phishing pages within Telegram’s WebView, often featuring fake balances and urgency tactics to prompt deposits or referrals. Additionally, some Mini Apps attempt to distribute malware disguised as legitimate Android APKs. Users are advised to be cautious when engaging with Telegram bots related to cryptocurrency investments and to avoid sideloading APK files.

AppWizard

April 25, 2026

10 awesome Shizuku apps I use to level up my Android experience

Shizuku is an open-source tool that connects elevated Android functionalities with third-party applications, enabling access to previously restricted features. Canta allows users to uninstall any app, including bloatware and system applications, on devices like Samsung, providing guidance on safe uninstallation. ColorBlendr enhances control over Android's color-picking system, allowing users to select colors from wallpapers and standard palettes. Essentials is a toolkit for Pixel and other Android devices that unlocks hidden settings for granular adjustments and includes tools like a real-time distance calculator. Smartspacer extends the At A Glance widget's functionality beyond Pixel devices, integrating information from various sources. ShizuWall is a firewall that prevents selected apps from accessing the internet without needing a VPN or Private DNS. aShell You allows users to run ADB commands directly on their device, featuring a list of commands and bookmark support. Install With Options streamlines APK installation with modifications like bypassing SDK limits and downgrading apps. Adaptive Theme automatically switches between Dark and Light modes based on ambient light levels. SD Maid SE is a storage-cleanup tool that identifies and removes unnecessary files, with enhanced capabilities when used with Shizuku. Shappky enables users to terminate any running app, including system apps, with a simple tap.

AppWizard

April 21, 2026

NGate Android malware uses HandyPay NFC app to steal card data

A new variant of the NGate malware targets Android users by disguising itself within a trojanized version of the HandyPay app, which is a legitimate mobile payment processing application. This malware, documented since mid-2024, siphons payment card information through the mobile device's near-field communication (NFC) chip and sends the stolen data directly to attackers, who create virtual cards for unauthorized purchases or cash withdrawals from NFC-enabled ATMs. The new variant has been injected with malicious code into the HandyPay app, which has been available on Google Play since 2021. The code includes emojis, indicating the possible use of a generative AI tool in its development. The shift from previous iterations, which used an open-source tool named NFCGate, to HandyPay is likely motivated by financial considerations and the need for evasion, as HandyPay is more affordable and requires fewer permissions. This NGate variant has been active since November 2025, primarily targeting Android devices in Brazil. It employs two main distribution methods: a counterfeit app named “Proteção Cartão” hosted on a fraudulent Google Play page and a fake lottery website that redirects users to WhatsApp to download the malicious APK. Upon installation, the app prompts users to set it as their default NFC payment application, requests their card PIN, and instructs them to tap their card on the phone for reading, transmitting all collected information to an attacker's email address. To protect against such threats, Android users are advised to avoid downloading APKs from outside Google Play, disable NFC when not in use, and use Play Protect to scan for threats.

AppWizard

April 9, 2026

How to Install XAPK Android Apps on a Windows PC

To install the Seekee app on a Windows PC, users can choose from several methods: 1. Using Bluestacks: This popular Android emulator simplifies the installation process. 2. Using MuMuPlayer: - Install MuMuPlayer on your Windows PC. - Import the XAPK file using the app installation feature. - Launch the app once installation is complete. 3. Manual Installation (if the XAPK does not open correctly): - Create a copy of the XAPK file. - Rename the extension from .xapk to .zip or use an archive tool to extract it. - Identify the package structure, looking for the Android/obb/com.example.app/ folder. - Install the main APK file in the emulator. - Copy the OBB data to the correct folder in the emulator's Android file system. - Launch the app after ensuring both the APK and OBB data are correctly positioned. XAPK installations may fail due to: - Incompatibility with the Android version. - Incomplete packages lacking OBB data or split APK components. - Mismatched package name and OBB folder. - Poorly repacked files. - Incompatible emulator profiles. A troubleshooting checklist includes: - Using BlueStacks with the Install APK option or drag-and-drop feature. - Exploring other emulators like MuMuPlayer. - Checking for app availability on Google Play within the emulator. - Ensuring OBB data is correctly placed. - Testing with different Android versions or emulator instances. - Re-downloading the file from a reliable source if suspected to be corrupted.

AppWizard

April 4, 2026

Android’s controversial sideloading changes pushed me to build my own app installer

Using ADB via the command line can be cumbersome, prompting the desire to create a tailored application focused on the APK installation workflow, including wireless debugging pairing, file browsing, and bundle unpacking. A recent poll indicated that 48% of respondents use ADB fairly often, while 35% have used it once or twice. The author, a moderately skilled programmer, explored AI-assisted "vibe coding" to develop an app in Go, chosen for its simplicity and cross-platform capabilities. The project began with outlining its structure and creating a basic ADB wrapper in Go, which evolved into a functional terminal application within three days of part-time effort. The app, a compact 7MB executable, manages ADB sessions, allows pairing with Android devices over USB or Wi-Fi, includes a file explorer, and supports installing and unpacking various app bundles. Despite its usefulness, the author noted a limited understanding of Go due to reliance on AI for problem-solving. The app's source code is available on the Tiny APK Installer GitHub repository.

AppWizard

March 31, 2026

Free Antivirus for Android: Best Apps to Protect Your Smartphone

Smartphones are integral to daily life, storing emails, banking apps, and social media. The Android operating system is vulnerable to threats like viruses and ransomware. Free Android antivirus tools offer basic protection but have limitations compared to paid versions. Free antivirus solutions focus on malware scanning and threat detection. Bitdefender Mobile Security (Free Version) provides lightweight background operation, real-time scanning, and web protection but lacks anti-theft and VPN features. Norton Mobile Security (Free Tier) offers essential malware scanning, with advanced features available in premium subscriptions. Avast Mobile Security (Free) includes virus scanning, malware protection, and anti-theft tools, allowing users to lock apps and protect against malicious websites. AVG AntiVirus (Free) offers virus, malware, and spyware scanning, real-time updates, and a "Photo Vault" for securing images. Kaspersky Mobile Security (Free) provides basic virus protection and ranks high in malware detection, with additional features available in paid plans. Free antivirus tools detect malware and monitor real-time system activity, alerting users to phishing sites. They may scan files transferred via USB or Bluetooth and offer limited VPN services. Limitations of free antivirus include the absence of advanced features like unlimited VPN, application locking, and anti-theft capabilities. Many rely on ads for revenue, which can disrupt user experience. Choosing the right antivirus depends on usage habits and security concerns. Running multiple antivirus apps can cause conflicts and hinder performance. Upgrading to premium versions may be necessary for comprehensive protection, especially for sensitive tasks. User behavior is crucial for security; regularly updating the OS and applications, using strong passwords, and considering two-factor authentication can enhance protection. Free antivirus apps offer core threat protection but lack advanced features. Most are lightweight, with minimal impact on performance. Regular scans are recommended, and reputable sources should be used for downloads. Free antivirus apps can warn about phishing attempts but cannot eliminate the risk entirely. A built-in VPN is not essential for basic protection but is advisable for public Wi-Fi use.

AppWizard

March 31, 2026

Google Rolls Out Developer Verification for Android Sideloaded Apps

Google introduced developer verification features for the Android Developer Console and Google Play Console on March 30, 2026, to enhance security against malware from sideloaded applications. Sideloaded apps are known to contain over 90 times more malware than those on the Google Play Store. Developers can establish accounts on the Android Developer Console for verification, and existing apps on the Google Play Console will be automatically recognized as verified if they meet the new requirements. The Android developer verification tool will be integrated into Android Studio within two months. The rollout will occur in phases: - April 2026: Introduction of the “Android Developer Verifier” tool. - June 2026: Early access to “Limited Distribution Accounts” for hobbyist developers and students. - August 2026: Global rollout of “Limited Distribution Accounts” and launch of an “Advanced Flow” for installing unverified sideloaded apps. - September 30, 2026: Mandatory registration for apps installed or updated on certified Android devices in select countries, with unregistered apps installable only via ADB or the Advanced Flow. - 2027 and beyond: Global expansion of verification requirements.

AppWizard

March 23, 2026

Google adds ‘Advanced Flow’ for safe APK sideloading on Android

Google has introduced a new mechanism called Advanced Flow within Android to facilitate the sideloading of APKs from unverified developers for power users while enhancing security. This system will launch in August and aims to balance user flexibility with protection against malware and scams, which caused losses of approximately billion last year. To install APKs from unverified developers, users must complete a one-time process that includes activating Developer Mode, confirming they are not influenced by threat actors, restarting the device, and verifying the legitimacy of modifications after a day. Once completed, users can install applications from unverified developers and choose to enable them for a week or indefinitely, with Android providing a warning about the unverified source. The Advanced Flow process is designed to prevent users from being coerced into installing malicious software during scam attempts. Google emphasizes that this system is a compromise between Android's openness and necessary user protections, leading to upcoming developer verification requirements. All Android app publishers will need to undergo identity verification by Google, with non-compliance resulting in blocked software installations on certified Android devices. This verification initiative is now set for rollout in August 2026.