The popular open-source YouTube app for Android TVs known as SmartTube was temporarily hacked and infected with malware. Attackers had access to the app’s signature key and were able to officially sign altered versions and distribute them to users. The affected builds are now offline and a new, secure version has been made available.
What happened with SmartTube?
The developer of SmartTube explained on GitHub that an unknown person had obtained the private key for the app's digital signature. With this private key, malware could be secretly built into versions 30.43 and 30.47 of the app and go unnoticed.
The malware is located in the libalphasdk.so library and collects information about the device, installed apps, and IP addresses, among other things. According to analyses, account data wasn't accessed, but the app could receive instructions from the attackers in the future.
Fortunately, Google’s protection mechanisms—in particular, Play Protect—recognized the attack for many users and blocked the compromised installations. This meant that damage could be prevented in some cases before users even learned of the infection.
What SmartTube users should do now
The developer Yuliskov has temporarily taken the app offline and is already distributing a beta version on Telegram that’s signed with a new key. The previously compromised signature has since been declared invalid. Further details on the attack, in particular the theft of the key, are to follow. What those affected should do now:
- Uninstall affected app versions: Remove all SmartTube versions that could potentially be compromised.
- Do not restore any backups: Old settings or backups of the app should not be used for the time being.
- Install a new, secure version: Version 30.56 is available from official sources, either via GitHub or the developer’s verified Telegram channel.
- Beware of fake updates: Do not download any alleged “fix” apps or unofficial versions from unknown sources.
As SmartTube is not available in the Play Store, the app must be installed via sideloading. Bypassing official security checks increases the risk of malware. The incident shows that even popular open-source projects can become the target of malicious attacks.
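For anyone who still has a sideloaded SmartTube APK file and wants to check it before deleting it, the following added example (not code from the article or from the SmartTube project) looks for the two indicators named above: the libalphasdk.so library and the version numbers 30.43 and 30.47. The function names and the sample APKs are constructed for illustration, and a "no-indicator" result only means neither indicator matched, not that a build is clean.

```python
import io
import zipfile
from pathlib import PurePosixPath

# Indicators taken from the article above.
SUSPECT_LIBRARY = "libalphasdk.so"
AFFECTED_VERSIONS = {"30.43", "30.47"}


def find_suspect_libraries(apk):
    """Return APK entries of the form lib/<abi>/libalphasdk.so.

    `apk` is a path or a binary file object. An APK is a ZIP archive and
    its native libraries are stored under lib/<abi>/.
    """
    hits = []
    with zipfile.ZipFile(apk) as archive:
        for info in archive.infolist():
            parts = PurePosixPath(info.filename).parts
            if len(parts) == 3 and parts[0] == "lib" and parts[2].lower() == SUSPECT_LIBRARY:
                hits.append(info.filename)
    return sorted(hits)


def triage(apk, version_name):
    """Classify one APK as 'remove', 'review' or 'no-indicator' (hypothetical labels)."""
    try:
        hits = find_suspect_libraries(apk)
    except zipfile.BadZipFile:
        # Truncated or renamed download: do not install, inspect by hand.
        return {"verdict": "review", "reason": "not a readable APK/ZIP", "libraries": []}
    if hits:
        return {"verdict": "remove", "reason": "suspect library present", "libraries": hits}
    if version_name in AFFECTED_VERSIONS:
        return {"verdict": "remove", "reason": "affected version number", "libraries": []}
    return {"verdict": "no-indicator", "reason": "neither indicator matched", "libraries": []}


def build_sample_apk(entries):
    """Constructed test input: an in-memory ZIP holding the given entry names."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        for name in entries:
            archive.writestr(name, b"constructed placeholder bytes")
    buf.seek(0)
    return buf


if __name__ == "__main__":
    sample = build_sample_apk(["classes.dex", "lib/arm64-v8a/libalphasdk.so"])
    print(triage(sample, "30.47"))
```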
This article was written by: Nermeen Nabil Khear Abdelmalak
All rights reserved to: USAGoldMines. www.usagoldmines.com
