How Hackers Compromised APKPure Android App Store to Deliver Malware

by CISOCONNECT Bureau

A supply chain attack hit APKPure, one of the most popular alternative app stores. Read on to know more about it…

This week, APKPure, one of the most popular alternatives to the Google Play Store, was infected with malware, allowing threat actors to spread Trojans to Android devices.

The APKPure client version 3.17.18 is said to have been tampered with in an effort to trick unsuspecting users into downloading and installing malicious apps linked to the malicious code built into the APKPure software, similar to the attack on German telecommunications equipment manufacturer Gigaset.

Doctor Web and Kaspersky researchers both reported this threat. As they discovered, this malware appears to be a variant of the Triada trojan, which was first discovered by Kaspersky in 2016 and is capable of spamming users of compromised computers with ads and delivering additional malware.

According to Kaspersky, APKPure 3.17.18 has been modified to include an advertising SDK that functions as a Trojan dropper, delivering other malware to a victim’s computer. Kaspersky’s Igor Golovin said, “This component can do several things: show ads on the lock screen; open browser tabs; collect information about the device; and, most unpleasant of all, download other malware.”

The damage caused by this trojan differs depending on the Android version installed on the compromised devices, varying from being signed up for paid subscriptions and seeing annoying advertising on current versions to getting unremovable malware like xHelper installed on the system partition on older versions.

Triada Malware
Commenting on the development, Doctor Web researchers said, “This trojan belongs to the dangerous Android.Triada malware family capable of downloading, installing and uninstalling software without users’ permission.”

Triada was created for the express purpose of committing financial fraud, most commonly by intercepting financial SMS transactions. The most intriguing feature of the Triada Trojan is its modular design, which potentially allows it to perform a wide variety of tasks.

The Triada Trojan will penetrate and persist in all processes running on mobile devices, allowing threat actors to download, install, and uninstall payloads without the users’ permission.

Patched Version
APKPure released a new version of the app (version 3.17.19) on April 9 in response to the findings, which eliminates the malicious feature. “Fixed a potential security problem, making APKPure safer to use,” the developers behind the app distribution platform said in the release notes.

Other Similar Malware
APKPure isn’t the only third-party Android app store that has been infected with malware. Doctor Web researchers revealed earlier this week that they discovered 10 apps in Huawei’s AppGallery that were infected with Joker (or Bread) trojans, marking the first time malware has been discovered in the company’s official app store.

The decoy apps, which included a virtual keyboard, camera, and messaging app from three separate developers, included secret code that enabled them to connect to a Command-and-Control (C2) server and download additional payloads that automatically subscribed system users to premium mobile services without their knowledge.

Users who have already installed the apps are still at risk until they are deleted from their phones, despite the fact that the product listings have been “hidden” from the AppGallery store.

The same malware payload was also “used by some other versions of the Android.Joker, which were spread, among other places, on the Google Play, for example, by apps such as Shape Your Body Magical Pro, PIX Photo Motion Maker, and others,” according to the researchers. All of these apps have since been removed from the Play Store.
