The open-source SmartTube YouTube client for Android TV was compromised when attacker access led to malware being injected into a version of the app. Users are advised to avoid the compromised versions, update to the new app once released, and take security precautions. #SmartTube #YuriyYuliskov #AndroidTV #malware #appsigning
Keypoints
- The developerβs signing keys for SmartTube were compromised, allowing malware injection into the app.
- Users reported warnings from Androidβs Play Protect about potential risks associated with the app.
- The malicious update included a hidden native library that communicates with a remote server silently.
- The developer revoked old signatures and plans to release a new, safer version with a different app ID.
- Until a full explanation is provided, users should avoid updating, log out of premium accounts, and reset passwords.