Beware of third party stores! Security firm finds app store infected with malware
This isn’t the first time that an app has been infected with code that is considered to be malicious - in the form of a trojan. Kaspersky had previously found that the CamScanner app was also updated with similar malicious code.
Unlike Apple, which only allows users to download and install apps that it curates via its App Store, Android users can not only ‘sideload’ any compatible application, but also install third-party stores. However, one such store was reportedly infected with malware due to the addition of malicious code, putting its users at risk.
According to a report by Slashgear, popular third-party Android store APKPure’s official Android client was found to contain malicious code, by security firm Kaspersky. The security firm stated in a blog post that it had found the trojan- like infection and informed the company last week on April 8, and that the company has resolved the issue and released version 3.17.19 of the store.
This isn’t the first time that an app has been infected with code that is considered to be malicious. Kaspersky had previously found that the CamScannner app which was hosted on the store (unlike stores like APKPure) had also been updated with similar malicious code resembling the Triada malware - the security firm says the malicious code embedded in APKPure was “standard for this type of threat”.
If you had the APKPure store installed on your device, you may have been impacted in some form or the other - older Android versions, the trojan can install additional apps which can also make their way to the system partition, making them impossible to uninstall. Users who have more up-to-date versions of Android might only see intrusive ads and some paid subscriptions appear out of the blue.
There seems to be only one way to get rid of the malicious version -- by uninstalling the app and then installing the new build released by the developers that bears version number 3.17.19. Kaspersky also recommends users should scan their devices for the threat, adding that its own service detects the trojan as “HEUR:Trojan-Dropper.AndroidOS.Triada.ap” --- but users would be better off installing apps from the Play Store and from trusted sources like the open source F-Droid repository.