APKPure was found to carry malware

Google Play Store is the most important application download platform for the Android platform, but there are many websites and platforms outside the Google Store that provide application download services.

Especially for users who cannot install the Google Play Store, application download platforms such as APKPure are also a good choice to synchronize Google updates.

But such unofficial platforms also have security threats: Kaspersky Security Lab recently discovered that the latest version of APKPure released by the platform carries advanced malware.

This malware has many similarities with the infamous Triada malware that appeared before, and it has very rich functions for targeted attacks.

According to the analysis of Kaspersky Security Lab, as a very well-known unofficial Android application download platform, it is unlikely that the APKPure app will carry malicious software.

“File:APKPure Logo.jpg” by Jayasurya Mayilsamy is licensed under CC BY-SA 4.0

The incident is likely to be a replica of CamScanner: Previously CamScanner was found to have infested users with malware and was subsequently removed by Google.

At that time, Kaspersky also found that there was a Trojan horse virus in CamScanner, mainly because the advertising component it carried was a Trojan horse program used to publish intrusive advertisements.

The issue with APKPure is the same this time. The built-in advertising component of the new version is a Trojan horse. After the user installs it, more malicious modules will be installed to pop advertisements.

Including adding advertisements on the lock screen interface of the device, pop-up advertisements after unlocking the device, pop-up advertisements on the desktop, automatic clicking on advertisements, automatic downloading of other software, etc.

It is worth noting that Kaspersky Security Lab claims that the malware is extremely harmful, and it will tailor the attack according to the Android version and patch used by the user.

For example, on a lower version of the Android system that does not have the latest patch installed, the malware will use related vulnerabilities to pop up and click ads without the user’s knowledge.

Or you can install the promotion software directly and perform a simulation operation to get the promotion fee. In addition, even after uninstalling APKPure, the malicious module carried by it still resides.

The analysis found that the malicious module cannot be uninstalled by conventional means after installation, because the user can neither see the icon nor find the program in all applications.

For now, Kaspersky only found that the malware will carry out intrusive advertising after deployment, but the attacker has the ability to use the malware to steal more information.