PSA: Smarttube APK compromised by malware

[tech3475]

See this for more information:
https://www.aftvnews.com/smarttubes...ith-malware-what-you-should-do-if-you-use-it/

Sorry would make a better post but don't have time.

 

[Flame]

looks like the dev fixed this

https://github.com/yuliskov/SmartTube

but be always wary.

 

[Jayro]

looks like the dev fixed this

https://github.com/yuliskov/SmartTube

but be always wary.

>be the dev
>creates youtube app
>everyone_loves_it.jpg
>dev inserts malware into the apk
>oops://mybad.dev
>dev "fixes" the malware apk

I smell some smelly bullshit.

 

[Flame]

>be the dev
>creates youtube app
>everyone_loves_it.jpg
>dev inserts malware into the apk
>oops://mybad.dev
>dev "fixes" the malware apk

I smell some smelly bullshit.

What makes you say that? I mean, I'm not disagreeing with you or anything. Couldn't it not be someone pushed malicious code?

 

[cearp]

What makes you say that? I mean, I'm not disagreeing with you or anything. Couldn't it not be someone pushed malicious code?

There's been a lot of NPM packages that have been compromised recently, I don't think this thing is necessarily suspicious.
Some people just like to think they know "the secret" though

 

[SylverReZ]

There's been a lot of NPM packages that have been compromised recently, I don't think this thing is necessarily suspicious.
Some people just like to think they know "the secret" though

Often maintainers who own popular packages get phishing e-mails claiming to be from NPM stating that their account needs action taken. Once they put in their credentials, however, then that leads to the attackers adding malicious code into NPM packages that they created (often infostealers designed to steal VPN credentials, BitCoin wallets, browser cookies, etc.)