Security researchers say APKPure, a widely popular app for installing older or discontinued Android apps from outside of Google’s app store, contained malicious adware that flooded the victim’s device with unwanted ads.
it alerted APKPure on Thursday that its most recent app version, 3.17.18, contained malicious code that siphoned off data from a victim’s device without their knowledge, and pushed ads to the device’s lock screen and in the background to generate fraudulent revenue for the adware operators.
But the researchers said that the malicious code had the capacity to download other malware, potentially putting affected victims at further risk.
The researchers said the APKPure developers likely introduced the malicious code, known as a software development kit or SDK, from an unverified source. APKPure removed the malicious code and pushed out a new version, 3.17.19, and the developers
no longer list
the malicious version on its site.
APKPure was set up in 2014 to allow Android users access to a vast bank of Android apps and games, including old versions, as well as app versions from other regions that are no longer on Android’s official app store Google Play. It later launched an Android app, which also has to be installed outside Google Play, serving as its own app store to allow users to download older apps directly to their Android devices.
APKPure is ranked as
one of the most popular sites
on the internet.
But security experts have long warned against installing apps outside of the official app stores as quality and security vary wildly as much of the Android malware requires
victims to install malicious apps
from outside the app store. Google scans all Android apps that make it into Google Play, but some have
slipped through the cracks
TechCrunch contacted APKPure for comment but did not hear back.
Chuyên mục: App