Connect with us

Hi, what are you looking for?

Hard News Hard Hitting News Source Global Political News

Cyber Security

Android malware found embedded in APKPure store application

Security researchers found malware embedded within the official application of APKPure, a popular third-party Android app store and an alternative to Google’s official Play Store.

Android users use the application to install apps and games hosted on APKPure’s platform, supposedly identical to those available through the Play Store.

The malware was discovered by Kaspersky and Dr.Web malware analysts embedded within an advertisement SDK included with APKPure version 3.7.18.

As they discovered, it looks like a variant of the Triada trojan first spotted by Kaspersky in 2016 [12], capable of spamming users of infected devices with ads and deliver additional malware.

APKPure interface
APKPure interface

“The identified malicious code embedded in APKPure operates in the following way: upon launch of the application, the payload is decrypted and launched,” Kaspersky said. “It then collects information about the user device and sends it to the C&C server.”

“Then, a Trojan is loaded that has much in common with the notorious Triada malware, in that it can perform a range of actions – from displaying and clicking ads to signing up for paid subscriptions and downloading other malware.”

Next, depending on its operators’ instructions and monetizing scheme (ads or pay-per-install), it will:

  • show ads every time the Android device is unlocked,
  • repeatedly open web pages containing ads,
  • click the ads to sign up for paid subscriptions,
  • install other payloads or potentially malicious software without the users’ consent.

The damage inflicted by this trojan varies depending on the Android version running on the compromised devices, ranging from being signed up for paid subscriptions and seeing intrusive ads on current versions to having unremovable malware like xHelper deployed on the system partition.

Device information collected by the malware
Device information collected by the malware (Kaspersky)

While no official download stats are available for the APKPure app, Kaspersky says that it has so far blocked the malware on the devices of 9,380 Android users running its security solutions on their devices.

Both Kaspersky and Dr.Web reported their findings to APKPure’s developers, who have released APKPure 3.17.19 today without the malicious code.

Indicators of compromise, including APKpure app, payload, and malware sample hashes, are available at the end of Kaspersky’s report.

BleepingComputer has reached out to APKPure’s development team for more information but has not heard back.

Source: https://www.bleepingcomputer.com/news/security/android-malware-found-embedded-in-apkpure-store-application/

Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

You May Also Like

Cyber Security

Telegram Messenger offers global, cloud-based instant messaging with several features:- Cybersecurity researchers at Securlist recently found several Telegram mods on Google Play in various...

Cyber Security

AttackCrypt, an open-source “crypter,” was recently used by cybercriminals to hide malware binaries and avoid antivirus detection. A crypter is a kind of software that can...

Cyber Security

We are glad to present the most recent news on cybersecurity in this week’s Threat and Vulnerability Roundup from Cyber Writes.  The latest attack...

Cyber Security

The cybercrime group evaded remediation efforts by installing persistent backdoors and deploying “new and novel malware.” A Chinese-linked hacking group that security researchers say...

Copyright © 2023 Hard News Herd Hitting in Your Face News Source | World News | Breaking News | US News | Political News Website by Top Search SEO