The popular open-source YouTube app for Android TVs known as SmartTube was temporarily hacked and infected with malware. Attackers had access to the app’s signature key and were able to officially sign altered versions and distribute them to users. The affected builds are now offline and a new, secure version has been made available.

What happened with SmartTube?

The developer of SmartTube explained on GitHub that an unknown person had obtained the private key for the app’s digital signature. With this private key, malware was able to be secretly installed and go unnoticed in versions 30.43 and 30.47 of the app.

The malware is located in the libalphasdk.so library and collects information about the device, installed apps, and IP addresses, among other things. According to analyses,

See Full Page