The Galaxy Store on Samsung’s website is releasing software that could infect phones with malware

Share This Post

Android Police’s Max Weinbach first noted the issue last night, spotting a few Showbox-based apps distributed on the Galaxy Store, some of which trigger Google’s Play Protect warning when installed. And so far as we can tell, that warning isn’t for nothing. An analysis of one of the Showbox apks at Virustotal shows over a dozen low-grade alerts from security vendors ranging from “riskware” to adware. Some of the apps also request more permissions than you’d expect, including access to contacts, call logs, and the telephone.

A Play Protect warning has been triggered by potentially bogus ‘Showbox’ movie piracy apps, and an investigation has revealed that they may download malware. It’s difficult to run your own app store. When Windows 11 added support for Android apps, Microsoft chose Amazon’s instead of running its own, while Samsung has been hedging its bets for years, running its own app shop alongside the Play Store for its Galaxy devices. However, based on what we’ve discovered today, it may be doing a better job. Several Showbox movie piracy app clones available on Samsung’s Galaxy Store could infect customers’ smartphones with malware.


  • Samsung isn’t just distributing apps that could potentially expose customers to malware, though. These apps are all clones of another well-known app called Showbox, with a reputation of enabling piracy and providing access to copyrighted content, including movies and TV shows. The app descriptions claim they do not host pirated content and do not enable piracy. We haven’t tested each of the offending applications individually, given the nature of the warnings attached to their installation, and can’t directly confirm whether the apps currently provide access to pirated content. However, the name has that reputation, and other “experts” who prefer to remain anonymous assure me that the app at one point enabled piracy. Self-hosted sources of the Showbox app make similar claims, advertising the app as a “movie database” application with an integrated VPN — wink wink.

  • We reached out to Android security analyst linuxct for more detailed information regarding these vulnerabilities. A subsequent investigation revealed that ad tech in the app is capapble of doing dynamic code execution — in short, while the app itself as it’s distributed may not directly contain malware, it can download and execure other code, which could include malware. Linuxct added that there are very few legitimate use cases for this functionality, and it could be weaponized easily. “So at any moment it may become a trojan/malware, hence it’s unsafe and thus why so many vendors flagged it in VT/Play Protect.” Similar issues were documented in at least two Showbox apps on the Galaxy Store, though it may also affect others.

The Showbox subreddit notes that Showbox is “down,” has been for nearly two years, and that third-party websites and apps purporting to be related are “fakes.” Google, we should note, doesn’t host any of the apps in question on the Play Store. Samsung’s Galaxy Store doesn’t track install counts, but the apps in question cumulatively have hundreds of reviews, including several that make a note of malware warnings at the time of install. We have reached out to Samsung to ask if it’s aware its Galaxy Store might be distributing malware or if it’s aware of Showbox’s reputation for enabling piracy, but the company did not immediately respond to our inquiries — understandable, given the recent holiday — and we’ll update this story if we get a response. We’ve also reached out to the developers of some of the apps in question, but at least one of the contact emails listed bounced back.


Related Posts

For Linux 6.0, there are many changes to VirtIO

The components of the VirtIO pull for Linux 6.0...

When the CCP Cyber ​​Army attacks, the Taiwan government’s information security is strengthened

Chang Tun-Han, a spokesperson for the Taiwan Presidential Palace,...

Linux receives a new patch to address AMD Retbleed mitigation – STIBP is required with IBPB

Retbleed, a novel speculative execution attack that takes use...

RCB’s Official YouTube Channel Hacked and Hacker Streamed Live Using Cryptocurrency

Shubman Gill allegedly received congratulations from RCB earlier even...

In response to being targeted by a hijacker Twitter account, Bella Poarch apologizes to Cardi B

Yesterday (August 12), tweets about Poarch’s debut EP, ‘Dolls’...

Microsoft is criticized by Eclypsium for bootloader security issues

Researchers from security platform vendor Eclypsium examined the flaws...