APKPure: Malicious code discovered in the app of the alternative Android store

Users of the alternative Android app store APKPure who access the store through the APKPure app should make sure they are running the latest version: security researchers at Kaspersky and Doctor Web found malicious code in version 3.17.18 that apparently collects data, opens windows with advertisements and can download further malware. After the APKPure developers were informed of the discovery, they reluctantly published a new version of their app: according to Kaspersky, APKPure 3.17.19 has been cleaned up.

Advertising, ad clicks and app subscriptions

A blog entry by the Kaspersky team gives details on possible malware infections from using APKPure 3.17.18. According to it, the unwanted program code very probably got into the app by way of a third-party library. The library, which is not named in detail, was indeed meant to display advertising, but the APKPure team evidently did not check it sufficiently for trustworthiness or hidden malicious functions before (deliberately) integrating it.

According to Kaspersky, the payload only became active at the app's runtime, as part of its camouflage. Among other things, it was able to collect information about those affected and send it to a remote server. It could also independently open browser windows with advertising (including outside the app's interface) and, above all, download additional malicious code.

In the course of their analysis, both AV software companies found that the contaminated APKPure loads the trojan "Triada". According to Kaspersky, Triada's most unpleasant features, besides displaying ads and making targeted clicks on them (click fraud), are the download of other unwanted apps and the automatic taking out of paid subscriptions. If the operating system is not up to date, apps loaded by Triada could, in the worst case, install themselves in the system partition of the Android device, from where they are difficult to remove.

Update and other information

Kaspersky's blog entry provides technical details and indicators of compromise in the form of a list of file hashes and the URLs of the command-and-control servers. Doctor Web has also published a brief description of the incident.

Kaspersky's blog entry does not give Android package names or app names for Triada of the kind that would help in removing the malicious code manually. Heise Security asked Kaspersky about this. The answer, in essence: since Triada is loaded as a module of the infected APKPure app and is not installed as a separate app, it is sufficient to remove or update APKPure. APKPure 3.17.19 is available for download at apkpure.com, while the earlier version 3.17.18 has now been completely removed from the website.

Opinions differ fundamentally on the use of alternative stores, of which APKPure is quite a popular one. Many security experts advise obtaining Android apps only from Google's official Play Store in order to benefit from its fairly extensive anti-malware mechanisms and strict guidelines regarding content, (im)permissible advertising formats and the like. On the other hand, Google's official store is not immune to malware either; in addition, not everyone likes being forced to register with a Google account.

The following articles, among others, deal with reputable Google Play alternatives:

  • Android: Alternatives for Google apps and services
  • F-Droid: Alternative Android app store protects privacy
  • Six alternative app stores for Android (Heise Select)

Information about Triada added (no installation as a separate app).
