third-party app store Archives

AppWizard

March 14, 2025

New North Korean Android spyware slips onto Google Play

A new Android spyware called KoSpy has been linked to North Korean threat actors, specifically the group APT37 (ScarCruft), and has infiltrated Google Play and APKPure through malicious applications. The campaign has been active since March 2022, targeting Korean and English-speaking users with apps disguised as file managers, security tools, and software updaters. Five identified applications involved are: 휴대폰 관리자 (Phone Manager), File Manager (com.file.exploer), 스마트 관리자 (Smart Manager), 카카오 보안 (Kakao Security), and Software Update Utility. KoSpy retrieves an encrypted configuration file from a Firebase Firestore database and connects to a command and control (C2) server, allowing it to evade detection. Its data collection capabilities include intercepting SMS and call logs, real-time GPS tracking, reading files, using the microphone and camera, taking screenshots, and recording keystrokes. Each application operates with a distinct Firebase project and C2 server for data exfiltration, with data encrypted using a hardcoded AES key. Although the spyware apps have been removed, users are advised to manually uninstall them and use security tools to eliminate any remnants. Google Play Protect can block known malicious apps, and all identified KoSpy applications have been removed from Google Play.

AppWizard

March 12, 2025

Not for the first time: North Korean hackers used fake apps to spread spyware on Android

Malware, specifically a new spyware variant called KoSpy, has been linked to a North Korean hacking group known as ScarCruft (APT37). Researchers at Lookout Threat Lab discovered KoSpy concealed within deceptive applications like file managers and security software. Once installed, it can extract sensitive information such as SMS messages, call logs, device location, and access files. It can also record audio and video, capture screenshots, and log keystrokes. The data collected is transmitted to Command and Control servers encrypted with a hardcoded AES key and utilizes Firebase Firestore for configuration data. At least one malicious application associated with KoSpy was found on the Google Play Store, downloaded over ten times, and similar apps were also on third-party app store APKPure. Google has since removed the identified applications and deactivated the related Firebase projects.

AppWizard

March 12, 2025

North Korean government hackers snuck spyware on Android app store

A report from cybersecurity firm Lookout reveals that North Korean hackers have uploaded Android spyware, named KoSpy, onto the Google Play app store, which has been downloaded over ten times. The spyware masquerades as a file manager and is designed for surveillance, collecting data such as SMS messages, call logs, device location, files, keystrokes, Wi-Fi details, installed apps, audio recordings, images, and screenshots. Google has removed the identified apps from the Play Store and deactivated associated Firebase projects. Lookout also found instances of KoSpy on the third-party app store APKPure. The campaign appears targeted at individuals in South Korea who speak English or Korean, with links to North Korean hacking groups APT37 and APT43.

AppWizard

February 23, 2025

Amazon to Shut Down Android App Store, Ending a Decade-Long Experiment

Amazon will close its Amazon Appstore for Android devices on August 20, 2025, after 14 years of operation. The closure includes the discontinuation of Amazon Coins, which are used for in-app purchases. Developers will no longer be able to submit new apps after this date, although existing apps will remain available until then. Amazon plans to focus on its Appstore for its own devices, such as Fire TV and Fire Tablets, where most of its customers engage with the platform. The Appstore was launched in 2011 as a competitor to Google Play but struggled to gain traction outside of Amazon's ecosystem. Additionally, Amazon will discontinue support for the Appstore on Windows 11 on March 5, 2025. Security concerns have also been raised regarding the Appstore, including incidents of malware found within it.

BetaBeacon

December 17, 2024

Epic Games Store to be Pre-installed on Android Telefónica Phones

Epic Games has partnered with Telefónica to pre-install the Epic Games Store on Android devices, giving users direct access to games like Fortnite. Epic plans to expand the partnership in the future to bring more third-party titles to mobile gamers.

AppWizard

October 17, 2024

Android 15 extends ‘app archiving’ to F-Droid third-party app store

Android 15 will extend the 'app archiving' feature to F-Droid, making it the first third-party app store to support this functionality. This change allows users to archive and unarchive apps from F-Droid similarly to apps from the Google Play Store. The integration will enable users to manage their app storage more effectively and restore archived apps easily. This decision by Google to relax restrictions on app archiving is seen as a response to regulatory scrutiny, promoting a more open ecosystem.

AppWizard

October 16, 2024

F-Droid is the first third-party app store to support Android 15’s app archiving feature

F-Droid is the first third-party app store to implement the app archiving feature introduced in Android 15, allowing users to remove installation files while retaining app data. This feature was previously exclusive to the Google Play Store. F-Droid's upcoming version 1.22 will include this functionality, enabling seamless archiving and unarchiving of apps. The feature is compatible with all Android app formats, despite F-Droid primarily distributing apps in APK format. Recent enhancements in Android have included new APIs for app updates and now app archiving, which have been extended to third-party launchers as well.