Potentially fake ‘Showbox’ movie piracy apps trigger a Play Protect warning, and an investigation indicates they could download malware
It’s tough running your own app store. Microsoft decided to go with Amazon’s when Windows 11 picked up support for Android apps rather than run its own, and even Samsung’s been hedging its bets, running its own app store for its Galaxy devices alongside the Play Store for years. But, based on what we’ve dug up today, it could be doing a better job at it. Several Showbox movie piracy app clones that Samsung is distributing to customers on its Galaxy Store may be able to infect customer’s devices with malware.
Android Police’s Max Weinbach first noted the issue last night, spotting a few Showbox-based apps distributed on the Galaxy Store, some of which trigger Google’s Play Protect warning when installed. And so far as we can tell, that warning isn’t for nothing. An analysis of one of the Showbox apks at Virustotal shows over a dozen low-grade alerts from security vendors ranging from “riskware” to adware. Some of the apps also request more permissions than you’d expect, including access to contacts, call logs, and the telephone.
We reached out to Android security analyst linuxct for more detailed information regarding these vulnerabilities. A subsequent investigation revealed that ad tech in the app is capapble of doing dynamic code execution — in short, while the app itself as it’s distributed may not directly contain malware, it can download and executing other code, which could include malware. Linuxct added that there are very few legitimate use cases for this functionality, and it could be weaponized easily. “So at any moment it may become a trojan/malware, hence it’s unsafe and thus why so many vendors flagged it in VT/Play Protect.” Similar issues were documented in at least two Showbox apps on the Galaxy Store, though it may also affect others.
Samsung isn’t just distributing apps that could potentially expose customers to malware, though. These apps are all clones of another well-known app called Showbox, with a reputation of enabling piracy and providing access to copyrighted content, including movies and TV shows.
The app descriptions claim they do not host pirated content and do not enable piracy. We haven’t tested each of the offending applications individually, given the nature of the warnings attached to their installation, and can’t directly confirm whether the apps currently provide access to pirated content. However, the name has that reputation, and other “experts” who prefer to remain anonymous assure me that the app at one point enabled piracy. Self-hosted sources of the Showbox app make similar claims, advertising the app as a “movie database” application with an integrated VPN — wink wink.
The Showbox subreddit notes that Showbox is “down,” has been for nearly two years, and that third-party websites and apps purporting to be related are “fakes.” Google, we should note, doesn’t host any of the apps in question on the Play Store.
Samsung’s Galaxy Store doesn’t track install counts, but the apps in question cumulatively have hundreds of reviews, including several that make a note of malware warnings at the time of install. We have reached out to Samsung to ask if it’s aware its Galaxy Store might be distributing malware or if it’s aware of Showbox’s reputation for enabling piracy, but the company did not immediately respond to our inquiries — understandable, given the recent holiday — and we’ll update this story if we get a response. We’ve also reached out to the developers of some of the apps in question, but at least one of the contact emails listed bounced back.
In the meantime, you might want to stick with getting apps from safer sources like the Play Store — though It’s had its own malware issues, too.
Read Next
About The Author
