unknown sources

AppWizard
March 19, 2026
Cybersecurity researchers have identified a new family of Android malware called Perseus, designed for device takeover and financial fraud. It uses Accessibility-based remote sessions for real-time monitoring of and interaction with infected devices, and primarily targets users in Turkey and Italy. Perseus monitors the user's notes to extract personal or financial information and is distributed through dropper applications hosted on phishing websites. It builds on the codebase of earlier malware such as Phoenix and disguises itself as an IPTV service to reduce user suspicion. Once operational, it performs overlay attacks and captures keystrokes to steal credentials from financial applications. Operators issue commands through a command-and-control panel, enabling a range of malicious actions, including capturing note content and initiating remote visual streams. Perseus also performs environment checks to evade detection and to confirm that it is running on a real device rather than an analysis environment.
BetaBeacon
March 17, 2026
The X1 Box emulator allows Android devices to run original Xbox games. It requires Android 8 or later, a 64-bit ARM processor, a Vulkan-compatible GPU, and at least 8GB of RAM. Additional features such as save states, controller support, and shader caching enhance gameplay, while limitations such as app crashes and variable performance may occur on less powerful devices.
AppWizard
March 16, 2026
Android 17 has introduced Advanced Protection Mode (AAPM) to enhance user security by preventing non-accessibility applications from using the Accessibility API, which has been exploited by malware. AAPM allows only verified accessibility tools to utilize the API and implements stricter security settings, including blocking installations from unknown sources, limiting USB data access, and mandating Google Play Protect scans. Applications must declare themselves as accessibility tools with the attribute isAccessibilityTool="true" to use the Accessibility Services API. Additionally, Android 17 features a new contacts picker that allows applications to request access to specific contact fields instead of the entire address book, enhancing user privacy.
AppWizard
March 16, 2026
Google is piloting a security enhancement in its Android Advanced Protection Mode (AAPM) that restricts certain applications from using the accessibility services API. This update is part of Android 17 Beta 2. AAPM, introduced in Android 16, enhances device security by blocking app installations from unknown sources, restricting USB data signaling, and mandating Google Play Protect scanning. Developers can integrate with AAPM through the AdvancedProtectionManager API to adapt their apps based on the security mode's status. The new restriction prevents non-accessibility apps from accessing the accessibility services API, allowing only verified accessibility tools like screen readers and voice-based input tools. Non-accessibility apps, including antivirus software and password managers, will have their access revoked when AAPM is activated, and users cannot grant permissions to these apps unless AAPM is disabled. Additionally, Android 17 introduces a new contacts picker feature that allows developers to specify which fields to access from a user's contact list, providing more granular control over data access.
AppWizard
March 13, 2026
MWC (Mobile World Congress) in Barcelona is a significant event for the tech industry, where companies unveil new hardware and showcase emerging ideas. At MWC 2026, Sameer Samat, President of the Android Ecosystem, discussed the evolution of Android, particularly focusing on Android 17, which aims to transition from an operating system to an intelligent system. This version will integrate AI capabilities through Gemini, allowing for more intuitive task management. Android 17 will introduce early agentic capabilities, initially available in a beta feature for select devices, enabling users to automate multi-step tasks. Samat confirmed that Google has no plans to remove sideloading, despite concerns about app security. Upcoming changes to sideloading will focus on verifying app identities to protect users from malicious apps while still allowing power users to install unverified software. He emphasized the importance of balancing openness and safety in the Android platform. Samat expressed excitement about current Android phones, highlighting trends in foldable devices and praising models from brands like Motorola and Nothing for their appeal to younger consumers. He mentioned using a Galaxy Z Fold 7 for work and a Pixel 10 Pro for personal use, noting the beauty of the devices and his preference not to use cases.
AppWizard
February 19, 2026
Cybersecurity researchers have identified a new Android malware named PromptSpy that utilizes Google's Gemini AI chatbot to enhance its capabilities and persistence on infected devices. PromptSpy can capture lockscreen data, obstruct uninstallation, gather device information, take screenshots, and record screen activity. It integrates Gemini to analyze the current screen and provide instructions to keep the malware active in the recent apps list. The malware uses a hard-coded AI model and communicates with a command-and-control server via the VNC protocol, allowing remote access to the victim's device. It is financially motivated, targeting users in Argentina, and was developed in a Chinese-speaking environment. PromptSpy is distributed through a dedicated website and is considered an advanced version of a previously unidentified malware called VNCSpy.
Winsage
February 13, 2026
Security researcher Wietze Beukema revealed vulnerabilities in Windows LNK shortcut files at the Wild West Hackin' Fest that could allow attackers to deploy harmful payloads. He identified four undocumented techniques that manipulate these shortcut files to hide their real targets from users. The vulnerabilities exploit inconsistencies in how Windows Explorer handles conflicting target paths, allowing the file properties shown to the user to be deceptive. One technique uses forbidden Windows path characters to create misleading paths, while another manipulates LinkTargetIDList values. The most sophisticated method alters the EnvironmentVariableDataBlock structure to present a false target in the properties window while executing malicious commands in the background. Microsoft declined to classify the EnvironmentVariableDataBlock issue as a security vulnerability, stating that exploitation requires user interaction and does not cross a security boundary. It emphasized that Windows already treats shortcut files as potentially dangerous and warns users when opening them. Beukema noted, however, that users often ignore these warnings. The vulnerabilities share similarities with CVE-2025-9491, which has been exploited by various state-sponsored and cybercrime groups. Microsoft initially did not address CVE-2025-9491 but later changed how LNK files are handled to mitigate the vulnerability after it was widely exploited.
AppWizard
February 10, 2026
Google has issued a warning to Android users about malware called Arsink, a Remote Access Trojan (RAT) capable of stealing personal information and taking control of infected devices. It spreads through apps that appear legitimate, often masquerading as "Mod" or "Premium" versions of popular applications. Arsink typically reaches devices via Telegram channels, Discord posts, third-party websites, and suspicious download links. Google has confirmed that no versions of Arsink are available on the Play Store and that devices with Google Play Protect enabled are automatically safeguarded against such threats. Google is also working with researchers to dismantle the infrastructure associated with this malware. To stay safe, users are advised to download apps only from the official Google Play Store, avoid "Mod" or "Premium" versions of apps, refrain from clicking on suspicious links, carefully check app permissions, keep Google Play Protect enabled, and regularly update their devices to receive security patches.
AppWizard
January 20, 2026
Google is introducing an online developer verification system to enhance the safety of sideloaded Android applications. This feature will verify the authenticity of app developers when users sideload applications, requiring an active internet connection for verification. If a device is offline, users will receive a warning message indicating that the app developer cannot be verified. The verification system aims to provide transparency and empower users to make informed choices without restricting sideloading. Google has historically allowed sideloading but is increasingly aware of the associated security vulnerabilities. The company promotes Play Protect and has introduced warnings and safety checks to encourage cautious user behavior. Google acknowledges that many users rely on sideloaded apps for valid reasons and aims to ensure they are aware of the risks and can verify the trustworthiness of developers.