SmartTube Malware Incident: Developer Confirms Signing Key Breach

SmartTube, a widely used open-source YouTube client for Android TVs, was temporarily compromised and infected with malware. Cybercriminals managed to steal the app’s signature key, allowing them to create and distribute modified, malicious versions that appeared legitimate to users.

The developer confirms the breach and issues a new secure version

The app’s creator, Yuliskov, quickly removed the compromised builds and released a new beta signed with an updated key. On GitHub, he explained that an external attacker obtained SmartTube’s digital signature and embedded malware into versions 30.43 and 30.47, which were then circulated as if they were official releases.

What the malware does — and what users should do

The malicious code is located inside a library named libalphasdk. so. This component collects device information, installed apps, IP addresses, and other system details.

Security researchers report that no user account credentials were leaked, but the malware may still communicate with attackers and potentially receive new instructions for harmful actions in the future.

Google’s security tools, including Play Protect, detected suspicious activity for many users and blocked the installation attempts, preventing a large portion of potential infections before they occurred.

A clean beta version signed with a new key is now being distributed through Yuliskov’s official Telegram channel.

Recommended steps for affected users

• Uninstall any compromised versions immediately
• Do NOT restore backups or import old settings for now
• Download only the verified safe release — version 30.56 — available on GitHub
• Avoid unofficial downloads or apps claiming to “fix” the issue

Since SmartTube is no longer on the Google Play Store, installation must be done via sideloading. Keep in mind that bypassing official security protections increases exposure to malware, so proceed cautiously and only use trusted sources.