Connect with us

Hi, what are you looking for?

HEADLINES

Kaspersky protects over 9,000 clients from malware attacks via infected marketplace app

Kaspersky experts have found malicious code in version 3.17.18 for the official client of the APKPure app store. To date, products belonging to 9,380 Kaspersky users have detected and blocked the threat.

Kaspersky experts have found malicious code in version 3.17.18 for the official client of the APKPure app store. To date, products belonging to 9,380 Kaspersky users have detected and blocked the threat.

According to the researchers, the code was found in the advertising library of the application. The code likely appeared there because of the app developers’ partnership with an unscrupulous advertiser. There was a similar case with the CamScanner incident, when a new advertising SDK from an unverified source was implemented.

The identified malicious code embedded in APKPure operates in the following way: upon launch of the application, the payload is decrypted and launched. It then collects information about the user device and sends it to the C&C server. Then, a Trojan is loaded that has much in common with the notorious Triada malware, in that it can perform a range of actions – from displaying and clicking ads to signing up for paid subscriptions and downloading other malware.

Afterwards, depending on the response received, the malware can:

Advertisement. Scroll to continue reading.
  • Show ads when the device is unlocked
  • Open browser pages with ads repeatedly
  • Load additional, executable modules

“Depending on the OS version, the Trojan can inflict various forms of damage on the victim. APKPure users with current Android versions are mostly at risk of having paid subscriptions and intrusive ads appear from nowhere. Users of smartphones who do not receive security updates are less fortunate: in outdated versions of the OS, the malware is capable of not only loading additional apps, but installing them on the system partition. This can result in an unremovable Trojan, like xHelper, getting onto the device. We were happy to inform the marketplace about the issue, which resulted in a fix for the version. We urge all APKPure users to immediately update the application to version 3.17.19,” comments Igor Golovin, security expert at Kaspersky.

Kaspersky solutions detected the malicious implant as HEUR:Trojan-Dropper.AndroidOS.Triada.ap.

Kaspersky reported the issue to the marketplace on April 8. The next day, it replied to Kaspersky, saying the issue would be solved in the new version. The fix was done in version 3.17.19, which is already available for download.

In order to stay safe, APKPure users are recommended to:

  • Immediately update the application to version 3.17.19
  • Scan the system for other Trojans using a reliable security solution, such as Kaspersky Internet Security for Android

Advertisement
Advertisement
Advertisement

Like Us On Facebook

You May Also Like

APPS

Today, the App Store stands at the forefront of app distribution, setting the standard for security, reliability, and user experience.

HEADLINES

Kaspersky has detected and blocked over 13 million web threats from its security solutions for businesses in Southeast Asia (SEA). Historical data from the...

HEADLINES

Kaspersky has been at the forefront of raising awareness about cybercrimes and empowering individuals and organizations to protect themselves.

HEADLINES

“We remind our customers to carefully inspect URLs before opening them. Criminals often use spellings very close to legitimate domains to deceive customers into...

HEADLINES

For the Philippines, PH-CERT and NADPOP estimate that the country needs 180,000 trained and validated cybersecurity professionals to proactively and effectively protect the country’s...

White Papers

46% of geo-distributed companies encountered network problems between one and three times per month, while 13% stated they experienced network challenges every week. The...

HEADLINES

“Data is the new oil. Cyber criminals steal personal information to defraud you or use your identity to victimize people close to you. Guard...

White Papers

According to the report, among organizations surveyed, 97% of those hit by ransomware over the past year engaged with law enforcement and/or official government...

Advertisement