sideloading

Tech Optimizer
July 10, 2026
Cybercriminals are exploiting the VLC media player to install ValleyRAT, a remote access trojan, by embedding malware in a seemingly harmless file linked in phishing emails. The attack starts with an email that prompts the victim to download a ZIP archive containing a fake VLC executable and a malicious DLL named libvlc.dll. This method uses DLL sideloading to execute the malware under the guise of a legitimate application. Once executed, the malware establishes persistence by creating a registry entry and connects to a remote server to retrieve the final payload. ValleyRAT employs evasion tactics to avoid detection, including assessing system characteristics before executing harmful actions and using a fileless approach to deliver the payload directly into memory. Researchers have identified indicators of compromise, including specific SHA1 hashes and URLs associated with the malicious campaign.
AppWizard
July 6, 2026
Users of Android Auto are experiencing significant crashing issues, particularly after the release of version 17.2, with some instability also noted in version 17.1. The application crashes shortly after launch, often when users navigate the map or select media, causing the vehicle's display to revert to the native infotainment system. Most affected users are part of the Android Auto beta program, while those on the stable track using version 17.0 have not reported similar problems. Users can revert to a more stable version by exiting the Play Store beta program, uninstalling updates, or sideloading an APK of a previous version.
AppWizard
July 6, 2026
LineageOS will not be affected by Google's upcoming developer verification system, which applies only to certified Android devices that come with Google Mobile Services (GMS). LineageOS operates independently of GMS and does not go through Google's certification process, making it exempt from the new requirements. Starting September 30, 2026, Android devices in Brazil, Indonesia, Singapore, and Thailand will require all apps to be registered to a verified developer, with a global rollout in 2027. LineageOS has stated that it does not include the verification feature in its ROM and is unaware of any GApps package that would enable it. The project may disable the verification feature if integrated into Play Services in the future. LineageOS acknowledges concerns from organizations like F-Droid and the EFF regarding the potential for increased control over app distribution by Google.
AppWizard
July 5, 2026
Android Auto can be expanded through the installation of third-party applications, allowing users to go beyond its default navigation and media functionalities. To sideload apps, users must enable Developer Mode on their Android device and for Android Auto, then install the Android Auto Apps Downloader (AAAD) from a GitHub page. Notable third-party apps include CarStream, which allows YouTube streaming while driving, AAMirror for screen mirroring, and Fermata Auto, which supports various multimedia functions. However, sideloading raises safety concerns and may lead to issues with app functionality due to updates from Google.
Tech Optimizer
July 3, 2026
Cybercriminals are using a sophisticated method to bypass security measures by embedding malware within the VLC media player. This campaign exploits VLC to install ValleyRAT, a remote access trojan, through phishing emails that contain links to download a seemingly harmless file. Once the file is opened, it activates a hidden backdoor that evades detection by antivirus solutions. The malware has been active since 2023, with a significant increase in activity noted through 2025 and into 2026, particularly targeting Chinese and Japanese-speaking users. The infection process begins when a victim clicks a link in a phishing email, leading to a ZIP archive containing a disguised executable and a malicious DLL (libvlc.dll). The executable mimics a legitimate VLC file, and when executed, it loads the DLL, allowing the malware to run under the guise of VLC. The malware establishes persistence by creating a registry entry and connects to a remote server to retrieve the final payload. ValleyRAT employs evasion tactics to avoid detection, such as performing checks on system behavior and using a fileless approach to inject its payload directly into memory, avoiding storage on disk. Researchers recommend training employees to recognize suspicious filenames and deploying endpoint detection tools to identify DLL sideloading behavior. For organizations affected by this campaign, isolating compromised systems and reviewing security logs are critical initial steps. Indicators of compromise include a malicious email domain, a ZIP archive containing a fake VLC executable, and a download URL for ValleyRAT.
AppWizard
June 28, 2026
Playing Windows games on Android has become feasible due to Winlator and open-source technologies like Wine, Box64, and DXVK. User-friendly applications such as GameHub and GameNative have emerged, enhancing mobile gaming experiences to rival dedicated handheld consoles. A major challenge was the reliance on the x86 Windows Steam client, which was resource-intensive on mobile devices. GameNative 1.0 introduced an experimental feature that eliminates the need for the desktop Steam client by using Valve's native Android libraries, improving the gaming experience significantly. Valve released Steamworks SDK version 1.63 in November 2025, which included native ARM64 libraries for Android, allowing for essential Steam functionalities without a translation layer. GameNative integrated these libraries, replacing the desktop client with a more efficient "bionic" Steam client that operates without a user interface, streamlining DRM and matchmaking processes. GameNative now supports Steam Guard TOTP sign-in, enabling smooth authentication and access to the user's Steam library. It downloads games natively, supports cloud saves, and is compatible with most single-player games with Steam DRM. The application boasts a high compatibility rate, with 221 out of 241 games in one user's library showing as compatible. GameNative 1.0 has improved performance with a Vulkan renderer and reworked controller stack. Despite its success, GameNative is not yet available on the Play Store, with nearly a million users sideloading the application. Developers aim to create a Play Store version that complies with Google's policies for easier installation.
Search