Hackers Tampered With APKPure Store to Distribute Malware Apps


APKPure, one of the largest alternative app stores outside of the Google Play Store, was infected with malware this week, allowing threat actors to distribute Trojans to Android devices.

In a supply-chain attack similar to that of German telecommunications equipment manufacturer Gigaset, the APKPure client version 3.17.18 is said to have been tampered with in an attempt to trick unsuspecting users into downloading and installing malicious applications linked to the malicious code built into the APKPure app.

The development was reported by researchers from Doctor Web and Kaspersky.

“This trojan belongs to the damaging Android.Triada malware family capable of downloading, installing and uninstalling software without users’ permission,” Doctor Web researchers said.

According to Kaspersky, the APKPure version 3.17.18 was tweaked to incorporate an advertisement SDK that acts as a Trojan dropper designed to deliver other malware to a victim’s device. “This component can do a number of things: show ads on the lock screen; open browser tabs; gather details about the device; and, most disagreeable of all, download other malware,” Kaspersky’s Igor Golovin said.

In response to the findings, APKPure released a new version of the app (version 3.17.19) on April 9 that removes the malicious component. “Fixed a potential security problem, making APKPure safer to use,” the developers behind the app distribution platform said in the release notes.

Joker Malware Infiltrates Huawei AppGallery

APKPure isn’t the only third-party Android app hub to encounter malware. Earlier this week, Doctor Web researchers disclosed that they found 10 apps compromised with Joker (or Bread) trojans in Huawei’s AppGallery, marking the first time malware has been detected in the company’s official app store.

The decoy apps, which took the form of virtual keyboard, camera, and messaging apps from three different developers, came with hidden code to connect to a command-and-control (C2) server to download additional payloads that were responsible for automatically subscribing device users to premium mobile services without their knowledge.

Although the app listings have since been “hidden” from the AppGallery store, users who have previously installed the apps continue to remain at risk until they are removed from their phones. The list of malware apps is below:

  • Super Keyboard (com.nova.superkeyboard)
  • Happy Color (com.color.syuhgbvcff)
  • Fun Color (com.funcolor.toucheffects)
  • New 2021 Keyboard (com.newyear.onekeyboard)
  • Camera MX – Photo Video Camera (com.sdkfj.uhbnji.dsfeff)
  • BeautyPlus Camera (com.beautyplus.excetwa.camera)
  • Color RollingIcon (com.hwcolor.jinbao.rollingicon)
  • Funney Meme Emoji (com.meme.rouijhhkl)
  • Happy Tapping (com.faucet.faucet.duedd)
  • All-in-One Messenger (com.messenger.sjdoifo)

In addition, the researchers said the same malware payload was “used by some other versions of the Android.Joker, which were spread, among other places, on the Google Play, for example, by apps such as Shape Your Body Magical Pro, PIX Photo Motion Maker, and others.” All of the apps have been removed from the Play Store.