The unofficial app store for Android platform, APKPure that allows users to download and use Android apps not available on Google Play, has been marred with malicious adware. According to a recent report by cybersecurity firm Kaspersky, the most recent app version, 3.17.18 contains malicious code that can install dangerous Trojans on victim devices. If you use the APKPure app store, it’s recommended to upgrade to a new version now.
In its blog post, informing about the detection of the malicious code, Kaspersky informs it notified the developers about the infection in version 3.17.18 on April 8. APKPure was quick on resolving the issues with instant release of version 3.17.19 with security fixes.
The detected malware can extract data from the victim’s smartphone, without being notices, and pushes out ads to the phone that can be seen on the lock screen or in the background. The fraudulent code also generated more downloadable malware further risking the already victim devices.
The malware found on the APKPure app is an advertisement SDK whose source is untraceable. The malware has been removed from the app and it has been updated to a new version with security fixes. The old, infected version has been reportedly pulled down and the new version 3.17.19 is now downloadable from the site.
Android users are recommended to download apps from Google Play Store only because the viability of apps installed from third-party app stores can never be guaranteed. Nonetheless, these apps stores are thriving, users download old versions of apps and apps that are not available on the Play Store from stores outside of the official one.