third-party app stores

AppWizard
March 28, 2025
Recent research from cybersecurity firm Sophos has identified the use of PJobRAT malware targeting users in Taiwan through instant messaging applications SangaalLite and CChat, which mimic legitimate platforms. These malicious apps were available for download on various WordPress sites, now taken offline. PJobRAT, an Android remote access trojan first identified in 2019, has been used to steal SMS messages, contacts, device information, documents, and media files. The recent cyber-espionage initiative lasted nearly two years, affecting a limited number of users, indicating a targeted approach by the attackers. The latest version of PJobRAT lacks the ability to steal WhatsApp messages but allows attackers greater control over infected devices. The distribution method for these apps remains unclear, but previous campaigns involved third-party app stores and phishing pages. Upon installation, the apps request extensive permissions and provide basic chat functionalities. Sophos researchers note that threat actors often refine their strategies after campaigns, suggesting ongoing risks.
AppWizard
March 28, 2025
PJobRAT is an Android Remote Access Trojan that re-emerged in 2023, targeting users in Taiwan. Initially known for targeting Indian military personnel, it now disguises itself as benign apps like ‘SangaalLite’ and ‘CChat’, distributed via now-defunct WordPress sites that were operational from January 2023 to October 2024, with domain registrations dating back to April 2022. The malware is spread through counterfeit applications resembling legitimate messaging services, prompting users to grant extensive permissions. Enhanced capabilities allow it to execute shell commands, access data from any app, root devices, and communicate with command-and-control servers via Firebase Cloud Messaging and HTTP. The campaign appears to have concluded, highlighting the evolving tactics of threat actors. Users are advised against installing apps from untrusted sources and to use mobile threat detection software.
AppWizard
March 28, 2025
In 2021, PJobRAT, an Android Remote Access Trojan (RAT), targeted Indian military personnel through deceptive apps. A new campaign was discovered in 2023, focusing on users in Taiwan, with malicious apps like ‘SangaalLite’ and ‘CChat’ disguised as instant messaging applications. These apps were available for download from WordPress sites, which have since been taken down. The campaign began in January 2023, with domains registered as early as April 2022, and the latest sample detected in October 2024. The number of infections was low, indicating a targeted approach rather than a broad attack. The distribution methods remain unclear, but may involve SEO poisoning, malvertising, or phishing. Once installed, the apps request extensive permissions and feature basic chat functionality. Recent versions of PJobRAT have shifted from stealing WhatsApp messages to executing shell commands, allowing greater control over compromised devices. PJobRAT communicates with its command-and-control (C2) servers using Firebase Cloud Messaging (FCM) and HTTP, enabling the upload of various data types, including SMS, contacts, and files. The now inactive C2 server was located in Germany.
AppWizard
March 12, 2025
Researchers from Lookout have identified a malware strain named KoSpy, linked to North Korean state-sponsored hackers, specifically the advanced persistent threat group ScarCruft (APT37). KoSpy targets Android devices to surveil Korean and English-speaking users and has been found on the Google Play Store and third-party app stores, disguised as utility applications. The malware can harvest sensitive information, including call logs, text messages, files, audio recordings, screenshots, and user location data. Google has removed all infected applications from its platform, confirming that the latest version was taken down before installations occurred. KoSpy first emerged in March 2022, with new samples appearing as recently as last year. The applications associated with KoSpy often have Korean titles and support both English and Korean languages. KoSpy shares infrastructure with another North Korean hacking group, Kimsuky (APT43), which has conducted spearphishing attacks. ScarCruft has targeted South Korean users and expanded its reach to countries including Japan, Vietnam, Russia, Nepal, China, India, Romania, Kuwait, and several Middle Eastern nations. In January, ScarCruft was linked to an espionage campaign against media organizations and academics, and in October, it was connected to a malware operation in Southeast Asia.
AppWizard
March 8, 2025
Human Security's Satori research team has discovered a new variant of the Badbox malware, known as Badbox 2.0, which has infected nearly a million Android devices, forming a large botnet. This follows the initial outbreak in 2023, where around 74,000 devices were compromised. Badbox 2.0 targets devices running the Android Open Source Project (AOSP), including off-brand smartphones, internet-connected TV boxes, automotive tablets, and digital projectors. Over 200 applications infected with malware have been identified, primarily hosted on third-party app stores, often mimicking legitimate apps from Google’s Play Store. The operation is believed to involve collaboration among four distinct criminal factions, with all infected devices traced back to China. The botnet monetizes through hidden advertisements and ad-click fraud, while also having the capability to steal passwords from infected devices. Efforts by Human Security, Google, Trend Micro, and Shadowserver Foundation have reduced the number of infected devices by half. Many malware modules were labeled "test," indicating the botnet was still developing, and it is expected that the operators will attempt to revive their network using altered tactics. Additionally, a new variant of Mirai malware, named Eleven11bot, has emerged, compromising thousands of devices, particularly targeting HiSilicon-based hardware.
AppWizard
February 21, 2025
Amazon will close its Appstore for Android smartphones on August 20, marking the end of its mobile app initiatives after over a decade of challenges. The Appstore, launched in 2011, struggled to compete with Google Play Store and had only a 0.1% installation rate on Android devices by the time of its shutdown announcement. Existing users can continue to use downloaded apps until at least August 2025, but Amazon has stopped selling Amazon Coins. The closure coincides with ongoing antitrust scrutiny of Google. Amazon will still operate its Appstore for Fire devices, which use a modified version of Android.
BetaBeacon
February 21, 2025
Epic Games Store on Android now has over 30 games available, including popular titles like Star Wars: Knights of the Old Republic and Star Wars: Knights of the Old Republic II, which can be redeemed for free until March 20. The store has more games for Android than for iOS: only 26 games are available on iOS, where the store is accessible only in the EU.
AppWizard
February 20, 2025
Amazon will close its app store for Android devices on August 20, 2025, and will also discontinue the Amazon Coins program on the same date. Users will no longer be able to download or use apps from the Amazon Appstore on Android devices after this date, but the app store will continue to operate on Amazon's Fire TV and Fire Tablet products. Unredeemed Amazon Coins will be refunded before the shutdown. The decision is aimed at focusing efforts on the Appstore experience on Amazon devices, where most customer engagement occurs.
AppWizard
February 20, 2025
Google may be required to allow third-party app stores access to the Google Play app catalog following a legal setback. This change could benefit companies like Epic Games and Microsoft. Amazon, despite potentially benefiting from this shift, has decided to discontinue phone support for its Appstore due to low user engagement. Amazon's Fire devices, which run on a customized version of Android called Fire OS, will continue to support the Appstore, although the company does not explicitly acknowledge the Android connection. Amazon's statement suggests that its apps may not operate on Android devices after the Appstore's shutdown, potentially excluding Fire tablets and Fire TVs from this definition. Developers who have optimized their apps for the Amazon store may be negatively affected by the transition, but the financial impact is expected to be minimal due to low user engagement.