APKPure, one of the largest and popular alternative app stores that contains third-party games and software catalogs for the Android OS, was discovered to be infected with malware which allows malicious threat actors to distribute Trojans and malwares to Android devices.
APKPure version 3.17.18 was discovered to have been tampered and tweaked in attempts to trick unsuspecting users into downloading and installing malicious applications linked to the malicious code built into the APKpure app. Android.Triada was linked to the attack wherein once installed, it is capable of downloading, installing and uninstalling software without users’ permission, showing advertisement on victim’s lock screen, open browser tabs, collect information about the device; and also download other malware into the mobile device.
A. List of Affected Clients
Affected APKPure client version is as follows:
- APKPure client version 3.17.18
B. Actions to be Taken
CERT-PH recommends the following actions be taken:
- Immediately install and update to the latest versions of the APKPure client to remove the malicious component embedded into the compromised version client. (https://apkpure.com/apkpure/com.apkpure.aegon#whatsnew)
- Users are also advised to check other indicators of compromised, such as suspicious files, installed unknown applications, excessive permission granted to applications, unsolicited advertisements, and unusual web browser activities.
- Android users are highly advised to use their mobile official app store, such as Google Play Store, in download applications to minimize the avenue of threats that may compromise their mobile devices.
- If not applicable, exercised caution in downloading and installing application from third-party mobile application distribution platforms as they may include suspicious and/or malicious components that may compromise mobile devices.