SmartTube YouTube App for Android TV Compromised to Distribute Malicious Update

First reported

01.12.2025 20:56

Last updated

1 unique sources, 1 articles

Summary

Hide ▲

The open-source SmartTube YouTube client for Android TV was compromised after attackers gained access to the developer's signing keys. A malicious update was pushed to users, leading to the injection of a hidden library (libalphasdk.so) that communicates with a remote backend. The developer has revoked the old signature and is working on a new version with a separate app ID. Users are advised to avoid auto-updates and use older, known-safe builds until further notice.

Timeline

01.12.2025 20:56 1 articles · 23h ago

SmartTube YouTube App Compromised to Distribute Malicious Update
The open-source SmartTube YouTube client for Android TV was compromised after attackers gained access to the developer's signing keys. A malicious update was pushed to users, leading to the injection of a hidden library (libalphasdk.so) that communicates with a remote backend. The developer has revoked the old signature and is working on a new version with a separate app ID. Users are advised to avoid auto-updates and use older, known-safe builds until further notice.
Show sources

SmartTube YouTube app for Android TV breached to push malicious update — www.bleepingcomputer.com — 01.12.2025 20:56
Open in new tab

Information Snippets

The developer, Yuriy Yuliskov, admitted that his digital keys were compromised, leading to the injection of malware into the app.
First reported: 01.12.2025 20:56

1 source, 1 article
Show sources
- SmartTube YouTube app for Android TV breached to push malicious update — www.bleepingcomputer.com — 01.12.2025 20:56
The compromised version (30.51) includes a hidden native library named libalphasdk.so, which is not part of the public source code.
First reported: 01.12.2025 20:56

1 source, 1 article
Show sources
- SmartTube YouTube app for Android TV breached to push malicious update — www.bleepingcomputer.com — 01.12.2025 20:56
The library runs silently in the background, fingerprints the host device, and communicates with a remote backend via an encrypted channel.
First reported: 01.12.2025 20:56

1 source, 1 article
Show sources
- SmartTube YouTube app for Android TV breached to push malicious update — www.bleepingcomputer.com — 01.12.2025 20:56
Users are advised to reset their Google Account passwords, check for unauthorized access, and avoid logging in with premium accounts.
First reported: 01.12.2025 20:56

1 source, 1 article
Show sources
- SmartTube YouTube app for Android TV breached to push malicious update — www.bleepingcomputer.com — 01.12.2025 20:56
Version 30.19 of SmartTube appears to be safe, as reported by a user.
First reported: 01.12.2025 20:56

1 source, 1 article
Show sources
- SmartTube YouTube app for Android TV breached to push malicious update — www.bleepingcomputer.com — 01.12.2025 20:56

Summary

Timeline

SmartTube YouTube App Compromised to Distribute Malicious Update

Information Snippets