Beware! Do You Download Android App APKs Using APKPure? It Distributes Trojans

APKPure is one of the most popular services outside the Google Play Store for downloading apps on Android, but it had a clear security gaffe.


APKPure has been one of the most notable sites for users to download apps outside of the Google Play Store. With relative popularity, APKPure also happens to be a safer alternative to most other third-party app stores, which are often the target of malicious threat actors looking to spread rogue apps containing ransomware or other types of malware. Now, according to a new Kaspersky report, it seems that even APKPure may not have been particularly safe for a long stretch of time, as it was spreading a Trojan that could stealthily download far more severe malware onto your phone.

APKPure itself has an app that users can install to get access to the service’s app listings. It essentially works as a replacement for the Google Play Store, and is key for users who either do not want to use the Play Store for some reason, or use Android phones that do not have access to Google Mobile Services. The app, as has been reported, had an integrated advertisement module that was added to it recently, which was how the threat actors injected the Trojan into the system. What’s even more interesting is how this hack would work: before downloading anything onto users’ phones, the SDK would use data from the APKPure app to read which version of Android the device was running, and download a malicious file accordingly.

If a device runs one of the latest versions of Android, the APKPure app would download the Triada Trojan onto the phone, which would then carry out malicious tasks such as displaying incessant adware and attempting to auto-purchase premium app subscriptions and, most importantly, includes a backdoor that can download further malware from a remote server. For devices running Android 8 or older, the xHelper Trojan is downloaded. The latter is a considerably critical piece of malware that can allow an attacker to gain up to full control of a user’s device, including controlling their browser tabs and reading their messages. What makes things even worse is that xHelper is one of the trickiest pieces of malware to remove from a device, since it installs in a root directory and is not removed by firmware resets.

Thankfully, APKPure has confirmed to Kaspersky that an update has been issued to fix the bug, and the app is safe to use again. The cyber security company has confirmed this as well, and further stated that users should still do a full scan of their device to check for any incidental malware. While the Google Play Store is also not entirely malware-proof, it does have Google’s teams actively hunting down malicious apps. As a result, users are advised to download their apps from official sources such as the Google Play Store as much as possible, unless some reason requires them to look at sites such as APKPure.
