Saved February 14, 2026
Do you care about this?
The SmartTube YouTube client for Android TV was hacked after the developer's signing keys were compromised, allowing malware to be injected into the app. Users are advised to avoid recent versions and check for unauthorized access to their Google Accounts. The developer plans to release a safe update soon.
If you do, here's more
The SmartTube app for Android TV, a popular open-source alternative to YouTube, was breached after an attacker accessed the developer's signing keys. This led to a malicious update that was pushed to users, prompting warnings from Google's Play Protect. Developer Yuriy Yuliskov confirmed that his keys were compromised, resulting in malware being injected into version 30.51 of the app. Users were advised to switch to a new version with a different app ID that Yuliskov plans to release soon.
Reverse engineering of the compromised version revealed a hidden library, libalphasdk.so, which does not exist in the app's public source code. This library operates silently, collecting device information and communicating with a remote server without user consent. Although there's no direct evidence of severe malicious activities like account theft, the potential for such actions remains high. Trust issues have emerged in the community due to a lack of transparency from the developer regarding the breach.
Yuliskov indicated that the malware problem began around version 30.43 and persisted until 30.47, with some builds inadvertently compromised due to malware on his development machine. He has since cleaned his environment and switched to a new signing key starting with version 30.55. Until Yuliskov fully discloses details of the breach, users are advised to stick with older, verified builds, refrain from using premium accounts, and disable auto-updates. They should also take precautions with their Google Accounts, including resetting passwords and checking for unauthorized access.
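The hidden-library finding above suggests a simple check before sideloading a build: compare the native libraries packed in a candidate APK against a build you already trust. The following is an added example, not code from the SmartTube project or the original analysis; the sample APKs are constructed in memory and every library name other than libalphasdk.so is hypothetical.

```python
import hashlib
import io
import zipfile
from pathlib import PurePosixPath


def native_libs(apk_bytes):
    """Map 'lib/<abi>/<name>.so' -> SHA-256 hex for each native library in an APK."""
    libs = {}
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as apk:
        for name in apk.namelist():
            parts = PurePosixPath(name).parts
            if len(parts) == 3 and parts[0] == "lib" and name.endswith(".so"):
                libs[name] = hashlib.sha256(apk.read(name)).hexdigest()
    return libs


def diff_native_libs(trusted_apk, candidate_apk):
    """Report libraries added to, or altered in, the candidate relative to the trusted build."""
    trusted, candidate = native_libs(trusted_apk), native_libs(candidate_apk)
    added = sorted(set(candidate) - set(trusted))
    changed = sorted(p for p in candidate
                     if p in trusted and candidate[p] != trusted[p])
    return {"added": added, "changed": changed}


def _make_apk(entries):
    """Build a minimal in-memory zip standing in for an APK (constructed sample)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for name, data in entries.items():
            z.writestr(name, data)
    return buf.getvalue()


# Constructed samples; libplayer.so is a hypothetical name for a legitimate library.
PLAYER = b"\x7fELF constructed placeholder"
TRUSTED = _make_apk({"classes.dex": b"dex", "lib/arm64-v8a/libplayer.so": PLAYER,
                     "lib/armeabi-v7a/libplayer.so": PLAYER})
CANDIDATE = _make_apk({"classes.dex": b"dex", "lib/arm64-v8a/libplayer.so": PLAYER,
                       "lib/arm64-v8a/libalphasdk.so": b"\x7fELF constructed extra",
                       "lib/armeabi-v7a/libplayer.so": PLAYER,
                       "lib/armeabi-v7a/libalphasdk.so": b"\x7fELF constructed extra"})

if __name__ == "__main__":
    report = diff_native_libs(TRUSTED, CANDIDATE)
    for path in report["added"]:
        print(f"unexpected native library: {path}")
```

A non-empty `changed` list is normal between different versions; it is only a red flag when both APKs claim to be the same release.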