Security researchers at Kaspersky Lab have discovered malware embedded in the official APKPure app of the popular third-party Android app store, which is an alternative to the official Google Play Store.
The malware was embedded in the adware SDK included with APKPure version 3.7.18. According to experts, the malware is a variant of the Triada Trojan, capable of sending ad spam to users of infected devices, subscribing to paid subscriptions, and installing other malicious programs.
“The identified malicious code embedded in APKPure works as follows - when the application is launched, the payload is decrypted and launched. Then the malware collects information about the user device and sends it to the C&C server, ”the experts explained.
Depending on the operator's instructions and the monetization scheme (ads or install fees), the software is capable of showing ads every time an Android device is unlocked, reopening web pages with ads, clicking on ads for paid subscriptions, and installing other payloads or potentially malicious software without the consent of users.
Although official statistics on the number of downloads of the APKPure application are not available, Kaspersky Lab experts claim that the malware has been blocked on 9,380 Android users.
The experts informed the APKPure developers of their findings, and soon, APKPure 3.17.19 version was released without malicious code.