0 %

Hackers Tampered With APKPure Store to Distribute Malware Apps

April 10, 2021

APKPure, one of many largest various app shops exterior of the Google Play Retailer, was contaminated with malware this week, permitting risk actors to distribute Trojans to Android gadgets.

In an incident that is just like that of German telecommunications equipment manufacturer Gigaset, the APKPure consumer model 3.17.18 is alleged to have been tampered with in an try and trick unsuspecting customers into downloading and putting in malicious purposes linked to the malicious code constructed into the APKpure app.

The event was reported by researchers from Doctor Web and Kaspersky.

password auditor

“This trojan belongs to the harmful Android.Triada malware household able to downloading, putting in and uninstalling software program with out customers’ permission,” Physician Internet researchers mentioned.

In response to Kaspersky, the APKPure model 3.17.18 was tweaked to include an commercial SDK that acts as a Trojan dropper designed to ship different malware to a sufferer’s gadget. “This element can do a number of issues: present adverts on the lock display; open browser tabs; gather details about the gadget; and, most disagreeable of all, obtain different malware,” Kaspersky’s Igor Golovin mentioned.

In response to the findings, APKPure has launched a brand new model of the app (model 3.17.19) on April 9 that removes the malicious element. “Fastened a possible safety drawback, making APKPure safer to make use of,” the builders behind the app distribution platform said within the launch notes.

Joker Malware Infiltrates Huawei AppGallery

APKPure just isn’t the one third-party Android app hub to come across malware. Earlier this week, Physician Internet researchers disclosed it discovered 10 apps that have been compromised with Joker (or Bread) trojans in Huawei’s AppGallery, making the primary time malware has been detected within the firm’s official app retailer.

The decoy apps, which took the type of a digital keyboard, digital camera, and messaging apps from three totally different builders, got here with hidden code to hook up with a command-and-control (C2) server to obtain extra payloads that have been accountable for robotically subscribing gadget customers to premium cellular companies with out their information.

password auditor

Though the app listings have since been “hidden” from the AppGallery retailer, customers who’ve beforehand put in the apps proceed to stay in danger till they’re faraway from their telephones. The listing of malware apps is beneath —

  • Tremendous Keyboard (com.nova.superkeyboard)
  • Glad Color (com.color.syuhgbvcff)
  • Enjoyable Colour (com.funcolor.toucheffects)
  • New 2021 Keyboard (com.newyear.onekeyboard)
  • Digital camera MX – Photograph Video Digital camera (com.sdkfj.uhbnji.dsfeff)
  • BeautyPlus Digital camera (com.beautyplus.excetwa.digital camera)
  • Colour RollingIcon (com.hwcolor.jinbao.rollingicon)
  • Funney Meme Emoji (com.meme.rouijhhkl)
  • Glad Tapping (com.faucet.faucet.duedd)
  • All-in-One Messenger (com.messenger.sjdoifo)

As well as, the researchers said the identical malware payload was “utilized by another variations of the Android.Joker, which have been unfold, amongst different locations, on the Google Play, for instance, by apps resembling Form Your Physique Magical Professional, PIX Photograph Movement Maker, and others.” All of the apps have been faraway from the Play Retailer.

Posted in SecurityTags:
Write a comment