APKs

AppWizard
May 20, 2026
Google has introduced enhanced web-based AI tools in its AI Studio platform, allowing users to generate complete native Android applications from natural-language prompts. This process enables individuals without programming skills to create installable APKs in minutes. The Build mode accepts plain-English descriptions to construct comprehensive native Android projects, which can then be customized in Android Studio. The tools support integration with third-party APIs and Web3 SDKs, allowing AI-generated apps to interact with blockchain functionalities. This development offers opportunities for the cryptocurrency sector, enabling decentralized finance protocols or wallet providers to create lightweight companion apps without extensive engineering teams. The integration with the Android ecosystem positions Google to reshape competitive dynamics in mobile app development. However, there are security concerns regarding the AI-generated code, particularly related to vulnerabilities in rapidly generated mobile apps that interact with smart contracts.
AppWizard
May 20, 2026
Google has introduced a new "Build" mode in its web-based AI Studio, allowing users to generate complete native Android projects using plain-English prompts, resulting in importable source files and installable APKs in minutes. This feature is powered by Gemini 2.5 Pro and Gemini 3 Pro, and the generated projects are compatible with Android Studio. The tools support third-party APIs and Web3 SDKs for wallet functionalities and token transactions. YouTube tutorials are available to help developers build functional apps in real time. While this feature reduces prototyping friction, it raises considerations regarding code quality, security, and maintainability for developers.
AppWizard
May 12, 2026
Google announced significant security and privacy enhancements at the Android Show, including features in the upcoming Android 17. Users will have increased transparency regarding location access and can manage which apps track their location. New protections against banking scams and a "Mark as Lost" feature with biometric security will be introduced. A "temporary precise location" button will allow quick access to surroundings while preventing unwanted tracking. Live Threat Detection will receive an upgrade for 2026, focusing on harmful behaviors like SMS forwarding. Dynamic signal monitoring will alert users to suspicious app behavior. Improvements to the Advanced Protection program include USB Protection for all Pixel devices running Android 16 or higher and Intrusion Logging for all Android 16 devices with the December update. Chrome on Android will enhance Safe Browsing to analyze APKs for malware. The "Mark as Lost" feature will allow biometric locking of devices, hide Quick Settings, and disable new connections. Theft protections will be enabled by default in several countries, including Argentina, Chile, Colombia, Mexico, and the U.K.
BetaBeacon
May 6, 2026
- ScarCruft, also known as APT37 or Reaper, is a North Korean espionage group targeting government, military organizations, and companies in Asia.
- BirdCall is a Windows backdoor attributed to ScarCruft, with spying capabilities such as taking screenshots and logging keystrokes.
- The Android version of BirdCall collects contacts, SMS messages, call logs, and media files, and was actively developed over several months.
- The BirdCall backdoor was discovered in a trojanized card game on a gaming platform tailored for ethnic Koreans living in Yanbian, China.
- The attack was likely aimed at collecting information on individuals from the Yanbian region deemed of interest to the North Korean regime, such as refugees or defectors.
BetaBeacon
May 5, 2026
ScarCruft compromised a video game platform in a supply chain attack, trojanizing its components with a backdoor called BirdCall to target ethnic Koreans residing in China. The attack enabled the threat actors to target both Windows and Android devices, turning it into a multi-platform threat. The campaign targeted sqgame[.]net, a gaming platform used by ethnic Koreans in China, known as a transit point for North Korean defectors. BirdCall has features like screenshot capture, keystroke logging, and data gathering, and relies on legitimate cloud services for command-and-control. The Android variant collects various data and has seen active development.
BetaBeacon
May 5, 2026
APT37, also known as ScarCruft and Ricochet Chollima, has developed an Android version of the backdoor BirdCall, which serves as spyware in addition to a backdoor. The malware was delivered through a Chinese website that hosts games for Android, iOS, and Windows, targeting only Android and Windows systems. The Android variant of BirdCall has capabilities such as extracting IP geolocation information, collecting contact lists, call logs, SMS data, device information, taking screenshots, recording audio, and exfiltrating files. Users are advised to download software only from official marketplaces and trusted publisher sites to protect against malware infections.
AppWizard
May 5, 2026
A North Korean hacking group has targeted a digital gaming platform popular among the Korean ethnic enclave in China, using a sophisticated strategy to infiltrate Android applications. Researchers from ESET discovered that an app on the platform contained a backdoor known as BirdCall, linked to North Korea. The official website for the gaming platform hosted the same suspicious APK file. A second Android file associated with another game on the same site was also found to contain the BirdCall backdoor. This supply-chain attack was attributed to the threat actor ScarCruft (APT37), active in Asia and extending into Europe and the Middle East since late 2024. The hackers likely compromised the web server to recompile original APKs with the backdoor, which can collect sensitive information such as contacts, SMS messages, call logs, documents, media files, and private keys, and can take screenshots and record audio. The malware disguises its command and control traffic among regular internet traffic, primarily using Zoho WorkDrive for operations.
AppWizard
April 25, 2026
Shizuku is an open-source tool that connects elevated Android functionalities with third-party applications, enabling access to previously restricted features. Canta allows users to uninstall any app, including bloatware and system applications, on devices like Samsung, providing guidance on safe uninstallation. ColorBlendr enhances control over Android's color-picking system, allowing users to select colors from wallpapers and standard palettes. Essentials is a toolkit for Pixel and other Android devices that unlocks hidden settings for granular adjustments and includes tools like a real-time distance calculator. Smartspacer extends the At A Glance widget's functionality beyond Pixel devices, integrating information from various sources. ShizuWall is a firewall that prevents selected apps from accessing the internet without needing a VPN or Private DNS. aShell You allows users to run ADB commands directly on their device, featuring a list of commands and bookmark support. Install With Options streamlines APK installation with modifications like bypassing SDK limits and downgrading apps. Adaptive Theme automatically switches between Dark and Light modes based on ambient light levels. SD Maid SE is a storage-cleanup tool that identifies and removes unnecessary files, with enhanced capabilities when used with Shizuku. Shappky enables users to terminate any running app, including system apps, with a simple tap.
AppWizard
April 21, 2026
A new variant of the NGate malware targets Android users by disguising itself within a trojanized version of the HandyPay app, which is a legitimate mobile payment processing application. This malware, documented since mid-2024, siphons payment card information through the mobile device's near-field communication (NFC) chip and sends the stolen data directly to attackers, who create virtual cards for unauthorized purchases or cash withdrawals from NFC-enabled ATMs. In the new variant, malicious code has been injected into the HandyPay app, which has been available on Google Play since 2021. The code includes emojis, indicating the possible use of a generative AI tool in its development. The shift from previous iterations, which used an open-source tool named NFCGate, to HandyPay is likely motivated by financial considerations and the need for evasion, as HandyPay is more affordable and requires fewer permissions. This NGate variant has been active since November 2025, primarily targeting Android devices in Brazil. It employs two main distribution methods: a counterfeit app named “Proteção Cartão” hosted on a fraudulent Google Play page and a fake lottery website that redirects users to WhatsApp to download the malicious APK. Upon installation, the app prompts users to set it as their default NFC payment application, requests their card PIN, and instructs them to tap their card on the phone for reading, transmitting all collected information to an attacker's email address. To protect against such threats, Android users are advised to avoid downloading APKs from outside Google Play, disable NFC when not in use, and use Play Protect to scan for threats.