A popular third-party application designed to offer an ad-free YouTube experience has been found to contain malware, leading to warnings for users and action from major platform providers.
The application, SmartTube, an alternative client for Android and Amazon devices, was compromised in versions 11.43 and 11.47. This security flaw allowed malware to be introduced during an update, subsequently spreading into later releases.
Google and Amazon have already deactivated these compromised applications on various devices. Users who have SmartTube installed are strongly advised to uninstall it immediately.
SmartTube gained a significant user base by promising to bypass the advertisements typically found on streaming services like YouTube. The application was distributed as an APK file, primarily accessible via GitHub.
In response to the discovery, the developer of SmartTube has removed all previous versions of the application. This action aims to ensure that users can only download the most recent, patched version, which is confirmed to be free of the malware.
The full capabilities of the malware remain unknown, making it difficult to assess the extent of potential data compromise. However, due to the minimal permissions SmartTube requested, the likelihood of severe damage to devices or stored data is considered reduced.
Nevertheless, users who linked their Google accounts to the compromised versions should review their account permissions. They should also check their YouTube activity and viewing history for any unusual or unauthorized actions.