Analysts at Dr. Web and Kaspersky Lab report that the official client of the alternative Android application store APKPure has been infected with malware.
A Trojan dropper infiltrated the application's ad SDK and was found in APKPure client version 3.17.18, which was distributed through the store's official site. The application was signed with a valid digital signature belonging to the owners of the catalog.
The researchers write that APKPure appears to have suffered the same fate as the popular CamScanner app. In 2019, a developer integrated an adware SDK from an unverified source into CamScanner, and as a result, millions of users were affected by malware.
In the case of APKPure, the malware was able to display ads when the device was unlocked, periodically open a browser with advertising pages, and download additional executable modules. The researchers observed APKPure being used to download a Trojan similar to malware of the Triada family, with a wide range of capabilities, from displaying and clicking ads to paying for subscriptions and downloading other malware.
If the infected device was old, running Android 6 or 7, where root rights are easy to obtain, the xHelper Trojan could also be loaded, which allows attackers to do almost whatever they want on the device.
The infection was detected in late March to early April 2021, and, according to Kaspersky Lab, APKPure confirmed the problem and promptly released version 3.17.19, in which it is fixed. How many users were affected by the malicious version of APKPure is unknown.