Hackers Tampered With APKPure Store to Distribute Malware Apps

APKPure, one of the largest alternative app stores outside of the Google Play Store, was infected with malware this week, allowing threat actors to distribute Trojans to Android devices.

In a supply-chain attack similar to that of German telecommunications equipment manufacturer Gigaset, the APKPure client version 3.17.18 is said to have been tampered with in an attempt to trick unsuspecting users into downloading and installing malicious applications linked to the malicious code built into the APKPure app.

The development was reported by researchers from Doctor Web and Kaspersky.

“This trojan belongs to the dangerous Android.Triada malware family capable of downloading, installing and uninstalling software without users’ permission,” Doctor Web researchers said.

According to Kaspersky, the APKPure version 3.17.18 was tweaked to incorporate an advertisement SDK that acts as a Trojan dropper designed to deliver other malware to a victim’s device. “This component can do several things: show ads on the lock screen; open browser tabs; collect information about the device; and, most unpleasant of all, download other malware,” Kaspersky’s Igor Golovin said.

In response to the findings, APKPure has released a new version of the app (version 3.17.19) on April 9 that removes the malicious component. “Fixed a potential security problem, making APKPure safer to use,” the developers behind the app distribution platform said in the release notes.

Joker Malware Infiltrates Huawei AppGallery

APKPure is not the only third-party Android app hub to encounter malware. Earlier this week, Doctor Web researchers disclosed they found 10 apps that were compromised with Joker (or Bread) trojans in Huawei’s AppGallery, marking the first time malware has been detected in the company’s official app store.

The decoy apps, which took the form of a virtual keyboard, camera, and messaging apps from three different developers, came with hidden code to connect to a command-and-control (C2) server to download additional payloads that were responsible for automatically subscribing device users to premium mobile services without their knowledge.

Although the app listings have since been “hidden” from the AppGallery store, users who have previously installed the apps continue to remain at risk until they are removed from their phones. The list of malware apps is below —

  • Super Keyboard (com.nova.superkeyboard)
  • Happy Colour (com.colour.syuhgbvcff)
  • Fun Color (com.funcolor.toucheffects)
  • New 2021 Keyboard (com.newyear.onekeyboard)
  • Camera MX – Photo Video Camera (com.sdkfj.uhbnji.dsfeff)
  • BeautyPlus Camera (com.beautyplus.excetwa.camera)
  • Color RollingIcon (com.hwcolor.jinbao.rollingicon)
  • Funney Meme Emoji (com.meme.rouijhhkl)
  • Happy Tapping (com.tap.tap.duedd)
  • All-in-One Messenger (com.messenger.sjdoifo)
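
Because installed copies stay on a phone after the listings are hidden, a device can be checked against the ten package IDs above. The following is an added example, not code from the article or the researchers: the function names and the sample input are constructed for illustration, and the device scan assumes `adb` is installed with a phone attached in debugging mode.

```shell
#!/bin/sh
# Package IDs of the ten AppGallery apps named in the article.
JOKER_PACKAGES='com.nova.superkeyboard
com.colour.syuhgbvcff
com.funcolor.toucheffects
com.newyear.onekeyboard
com.sdkfj.uhbnji.dsfeff
com.beautyplus.excetwa.camera
com.hwcolor.jinbao.rollingicon
com.meme.rouijhhkl
com.tap.tap.duedd
com.messenger.sjdoifo'

# Reads `pm list packages` output on stdin (lines like "package:<id>")
# and prints every ID that is on the list. Exit status 0 = at least one hit.
find_listed_packages() {
    tr -d '\r' |                    # adb output may carry CR line endings
    sed -n 's/^package://p' |       # keep only the package ID
    grep -Fx -e "$JOKER_PACKAGES"   # fixed strings, whole-line match only
}

# Hypothetical helper: scan the phone currently attached over adb.
scan_connected_device() {
    adb shell pm list packages | find_listed_packages
}

# Constructed sample of `pm list packages` output, used for the offline demo.
# The third line is a near-miss ID that must NOT be reported.
sample_pm_output() {
    printf 'package:com.android.settings\r\n'
    printf 'package:com.tap.tap.duedd\r\n'
    printf 'package:com.messenger.sjdoifo.lite\r\n'
    printf 'package:com.nova.superkeyboard\r\n'
}

# Offline demo on the constructed sample.
if hits=$(sample_pm_output | find_listed_packages); then
    printf 'Listed packages found:\n%s\n' "$hits"
else
    printf 'No listed packages found.\n'
fi
```

Whole-line matching is deliberate: a substring match would flag unrelated apps whose IDs merely start with one of the listed names.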

In addition, the researchers said the same malware payload was “used by some other versions of the Android.Joker, which were spread, among other places, on the Google Play, for example, by apps such as Shape Your Body Magical Pro, PIX Photo Motion Maker, and others.” All the apps have been removed from the Play Store.
