APKPure, one of the largest app store alternatives to the Google Play Store, has been Trojanized and distributed other Trojans. This week, cybercriminals tempered with the store’s code so that it distributed Trojans to Android devices.
Google Play offers apps that use Google Mobile Services (GMS). These apps are firmly tied to Google’s infrastructure, and some vendors don’t like that. They avoid GMS libraries to stay independent and use other distribution channels. But this approach presents certain risks as the incident with APKPure showed.
The issue related to the APKPure client version 3.17.18 and distributed trojans of Android.Triada malware family. The incident had been reported by researchers from Doctor Web and Kaspersky. Since then ApkPure has fixed the issue.
The malicious code built into APKpure’s tampered version showed ads to trick unsuspecting users into downloading and installing infected apps.
“This trojan belongs to the dangerous Android.Triada malware family capable of downloading, installing and uninstalling software without users’ permission,” Doctor Web researchers said.
According to Kaspersky, the APKPure version 3.17.18 had been tweaked by threat actors to incorporate an advertisement SDK that acts as a dropper that delivers other malware.
Once installed on the victim’s device, the malicious component can show ads on the lock screen, open browser tabs, gather information about the device, and download other malware, according to Kaspersky’s Igor Golovin.
Following Dr.Web and Kaspersky’s findings, on April 9, APKPure released a new patched version of APKPure 3.17.19.
“Fixed a potential security problem, making APKPure safer to use,” the platform’s developers said in the new version’s release notes.
Security firms recommend downloading apps from official stores only to reduce the risk of installing malware.