
APKPure was created in 2014 to give Android users access to a vast bank of Android apps and games that no longer exist on Google Play, Android’s official app store. It later launched an Android app that served as its own app store and allowed users to download older apps directly to their Android devices.

The malware was caught by analysts at Kaspersky, who noticed it within an advertisement SDK included with APKPure version 3.17.18.

The malware looks like a variant of the Triada trojan first spotted by Kaspersky in 2016 and is capable of spamming users of infected devices with ads in order to better deliver additional malware.

The identified malicious code embedded in APKPure operates in the following way: upon launch of the application, the payload is decrypted and launched. It then collects information about the user device and sends it to the C&C server.

Then, a Trojan is loaded that has much in common with the notorious Triada malware, in that it can perform a range of actions – from displaying and clicking ads to signing up for paid subscriptions and downloading other malware.

Source

From this point on, depending on the operators’ instructions and the scheme used for monetization, it will do one of the following actions:

  • show ads when the Android device is unlocked;
  • open web pages containing ads repeatedly;
  • click ads and in this way sign you up for paid subscriptions;
  • install other payloads or potentially malicious software without consent.

The severity of the damage this trojan can inflict depends on the Android version running on the device. It ranges from being signed up for paid subscriptions and seeing intrusive ads on current versions to having unremovable malware like xHelper deployed on your system partition.

While no official download stats are available for the APKPure app, Kaspersky says that it has so far blocked the malware on the devices of 9,380 Android users running its security solutions.


APKPure fixed the issue in the latest 3.17.19 version of the app, but if you’re using version 3.17.18 you should uninstall it immediately and scan your phone using antimalware software.
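
The version check described above as a shell script, added here as an example (not code from Kaspersky, APKPure or the original article). It assumes the APKPure client's package name is `com.apkpure.aegon`, which the article does not state; the function names and the sample `dumpsys` lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify the installed APKPure client by version.
# Assumption: com.apkpure.aegon is the client's package name (not stated in the article).
APKPURE_PKG="com.apkpure.aegon"
AFFECTED="3.17.18"   # build carrying the malicious ad SDK, per the article
FIXED="3.17.19"      # build with the fix, per the article

# Constructed sample of the relevant `dumpsys package` lines (not from a real device).
sample_dumpsys() {
    printf 'Packages:\n  Package [%s] (1a2b3c):\n    versionCode=1 minSdk=21\n    versionName=%s\n' \
        "$APKPURE_PKG" "$1"
}

# Pull the first versionName value out of dumpsys text on stdin.
extract_version() {
    sed -n 's/^[[:space:]]*versionName=\([0-9][0-9.]*\).*/\1/p' | head -n 1
}

# True if dotted version $1 is strictly lower than $2 (numeric compare per field).
version_lt() {
    [ "$1" != "$2" ] &&
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -t. -k1,1n -k2,2n -k3,3n | head -n 1)" = "$1" ]
}

# Read dumpsys text on stdin and print one verdict line.
classify_apkpure() {
    ver=$(extract_version)
    if [ -z "$ver" ]; then
        echo "NOT_INSTALLED"
    elif [ "$ver" = "$AFFECTED" ]; then
        echo "AFFECTED $ver: uninstall and scan the device"
    elif version_lt "$ver" "$AFFECTED"; then
        echo "UNKNOWN_OLDER $ver: the article does not cover this build, update to $FIXED or later"
    else
        echo "FIXED $ver"   # 3.17.19 or newer; assumes later builds keep the fix
    fi
}

# Demo on the constructed sample. On a real device, pipe in:
#   adb shell dumpsys package "$APKPURE_PKG"
for v in 3.17.18 3.17.19 3.9.0; do
    sample_dumpsys "$v" | classify_apkpure
done
```

A clean verdict here only says the client has been updated; a device that ran 3.17.18 still needs the antimalware scan, since the trojan can install other payloads.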
