Anti-virus giant Kaspersky Lab has published a blog saying APKPure has been Trojanized and distributing Trojans. As result, Kaspersky advises users to only download applications from official stores. The company points out third-party stores often have malicious apps. That’s because it is easier for a threat actor to place a malicious app on an unofficial store than trying to pass Google’s security. In the post, the security firm shows APKPure version 3.17.18 comes with an advertisement SDK featuring a Trojan dropper. This is HEUR:Trojan-Dropper.AndroidOS.Triada.ap, which delivers a malicious payload when launched. Once unpacked, the payload randomly opens browser tabs, locks the screen, and shows ads. More worryingly, it also collects information from the Android device and download other malware to the system. “Which Trojan gets downloaded (in addition to APKPure’s built-in one) depends on the Android version, as well as on how regularly the smartphone vendor released — and the user installed — security updates.”
Fix
For example, users running Android 8 or newer, the malware will load more Triada Trojan modules. This is an attack that automatically buys premium subscriptions and adds more malware to a system. For older versions of the platform with security updates, the xHelper Trojan is being used. Because there older versions are more rootable, a more robust Trojan is possible. The xHelper attack is much harder to remove, with even a factory reset failing. Kaspersky says it informed APKPure of the problem last week and the company confirmed a fix was incoming. A day later (April 9), a new version of the store (version 3.17.19) was launched to fix a “potential security problems, making APKPure safer to use”. Tip of the day: Do you know that Windows 10 allows creating PDFs from basically any app with printing support? In our tutorial, we show you how this works via Microsoft Print to PDF and Bullzip PDF Printer to save a PDF from any app, even with advanced options like adjusted quality, multi-page printing, and password protection.