app installations

AppWizard
July 23, 2025
Security researchers at Trustwave SpiderLabs have identified a complex cluster of Android malware that combines click fraud, credential theft, and brand impersonation. This malware exploits the Android Package Kit (APK) file format to distribute malicious applications, often through phishing messages or deceptive websites. Users are tricked into installing these APKs, which are disguised as reputable brands or promotional apps. Once installed, the malware takes advantage of Android's permission model to access sensitive resources, primarily for click fraud and traffic redirection to generate illicit revenue. Some variants engage in data collection and credential harvesting, employing advanced evasion tactics to avoid detection, such as using counterfeit Chrome applications and overlay screens. A notable variant includes a spoofed Facebook app that mimics the official interface and connects to a remote command-and-control server for instructions. The malware uses encryption and encoding to secure data exchanges and employs open-source tools to bypass Android's signature verification. Evidence suggests that the operators may be Chinese-speaking, as indicated by the use of Simplified Chinese in the code and the promotion of related APK campaigns on Chinese-speaking underground forums.
AppWizard
July 16, 2025
Security researchers from zLabs have identified a new version of the Konfety Android malware that uses advanced ZIP-level modifications to avoid detection and mimic legitimate apps on the Google Play Store. The malware employs an "evil-twin" strategy, distributing malicious versions with the same package names as harmless apps. It manipulates the APK's ZIP structure to disrupt reverse engineering tools, allowing it to evade analysis. The installation process on Android can handle these malformed packages without raising alarms. Konfety features a dynamic code loading mechanism, hiding a secondary Dalvik Executable (DEX) file that is decrypted at runtime, which contains malicious components. It integrates with the CaramelAds SDK for ad fraud, while disguising its activities through geofencing and icon concealment. The malware has been linked to previous campaigns and uses decoy applications on the Play Store for camouflage. Upon execution, it redirects users to fraudulent websites, leading to unwanted app installations and compromising user privacy. The threat actors behind Konfety continuously update their tactics to evade detection, highlighting the growing sophistication of Android malware. Users are advised to scrutinize app sources and monitor network activity to mitigate risks.
AppWizard
July 3, 2025
Android malware has surged by 151% since the beginning of the year, with a notable 147% increase in spyware in 2025. Spyware activity peaked in February and March, reaching nearly four times the baseline. Smishing attacks via SMS increased by 692% between April and May. Banking trojans and spyware are increasingly hidden in seemingly legitimate applications, such as fake loan services. Over 30% of Android devices run outdated software lacking security patches, exposing users to vulnerabilities. Cybercriminals are developing interconnected operations that target sensitive user data. Google Play Protect is not fully effective, and users are advised to download apps only from official sources, review app permissions, deny unnecessary notification access, keep software updated, and use trusted mobile security apps.
AppWizard
June 13, 2025
Google introduced Android Instant Apps in 2017, allowing users to access a lightweight version of an app without full installation. However, Google has announced that support for Instant Apps will be discontinued in December 2025, meaning developers will no longer be able to publish new instant apps or receive support for existing ones. The decision is attributed to low user engagement, prompting a shift towards more effective app promotion methods, such as AI-driven highlights and simultaneous installations. Instant Apps required developers to create compact versions of their applications, which was challenging for complex apps. Most users were unaware of the feature, and its adoption was limited.
AppWizard
June 13, 2025
Google has announced plans to phase out the Instant Apps feature by December 2025 due to low usage and engagement levels. Instant Apps, launched in 2017, allowed users to access lightweight app versions without installation but struggled to gain widespread adoption. A warning message in Android Studio confirmed the discontinuation, stating that Instant Apps support will be removed, and all related APIs will no longer function. Google aims to invest in more effective tools for app discovery, as developers are increasingly using alternatives that align better with user behavior.
AppWizard
June 8, 2025
The Google Play Store has been infiltrated by deceptive applications that are part of a phishing campaign, as revealed by an investigation by Cyble. These applications mimic legitimate digital wallets, including names like SushiSwap, PancakeSwap, Hyperliquid, and Raydium, and have utilized over 50 domains to evade detection. The primary threat involves the extraction of users' mnemonic phrases, which are critical for accessing cryptocurrency and tokens. Users are advised to uninstall nine specific apps identified by Cyble: Pancake Swap, Suite Wallet, Hyperliquid, Raydium, BullX Crypto, OpenOcean Exchange, Meteora Exchange, SushiSwap, and Harvest Finance Blog, to protect their digital assets. Although many of these malicious apps have been removed from the Play Store, the risk persists for those who still have them installed.
Winsage
May 20, 2025
Microsoft announced that starting June 2015, individual developers will no longer incur fees to register and submit their apps to the Microsoft Store. This makes the Microsoft Store the first global digital store to offer free app publishing. Corporate developers will still face charges. Additionally, Microsoft is introducing enhancements such as improved hosting for privacy policies, expanded support resources, a policy update for Win32 app installations, promotional campaign capabilities for developers, enhanced health reports, and visibility on when apps were last updated. Microsoft has previously allowed developers to retain all revenue from non-game apps using their billing system, while charging a 12 percent fee for games and a 15 percent fee for apps using Microsoft's retail platform. In 2021, Microsoft expanded the types of applications that can be submitted to the store.
Winsage
April 14, 2025
- Disabling background apps can save system resources and improve performance. This can be managed through Settings -> Apps -> Installed apps or the Task Manager.
- Hibernate mode may consume significant disk space and is not necessary for daily use; Sleep mode is sufficient for most users. Hibernate can be disabled using the command powercfg /h off or through Control Panel -> Power Options.
- Telemetry and diagnostic data collection can be disabled in Settings -> Privacy & Security -> Diagnostics & Feedback, and previously collected data can be deleted to reclaim storage space.
- Notifications, tips, and suggestions can be turned off in Settings -> System -> Notifications to reduce distractions.
- The lock screen can be disabled to save resources; Windows 11 Pro users can use the Local Group Policy Editor, while Home users can modify the registry by creating a Notlockscreen DWORD value in the WindowsPersonalization key.
Winsage
March 17, 2025
Microsoft's latest feature in Windows 11, Copilot, allows users to control their Android devices from their desktop. Users must manually confirm actions on their phones, such as starting a meditation timer, which requires physical interaction with notifications. Initial tests showed mixed results, with unsuccessful attempts to set alarms and retrieving outdated or deleted messages. This indicates that while Copilot aims to enhance connectivity and assist with daily tasks, its current functionality has limitations.