Google Play is certainly the official app store for Android devices. Despite this, many users opt for alternative stores. These allow you to install apps outside of the Google Play Store. There are several available to users, but among the most popular is APKpure. Which on its website offers to download the required apps. And it also provides a store that can be installed on the devices. And from there download the apps directly. Recently, this store presented security problems for a long time. Since it included a malware-installing Trojan.
Those who gave the alert were Kaspersky security researchers. They found the malware in APKPure version 3.17.18. This malware specifically corresponded to a Trojan that injects adware (advertising malware). The case report notes that the store’s developers used an unverified SDK (software development kit). However, this is not the first time this error has occurred. Previously, in August 2019 something similar happened with the popular CamScanner app.
What causes the Trojan?
This malware is capable of displaying ads and subscribing to paid services on its own. As well as downloading new malware to the device. However, the level of damage the user receives lies in the Android version of their device. Especially the case is dangerous for users with outdated Android versions. Which are also not well supported by security updates. According to Kaspersky, on these devices the malware is able to install itself in the system partition itself. So it is difficult to remove. Since it is only possible to uninstall the infected application with a factory reset.
Fortunately, Kaspersky notified the APKPure developers about the vulnerability. Consequently, they quickly released version 3.17.19 with the necessary fixes to avoid exposing users. In the face of incidents like this, it is best to be cautious. For this reason it is not recommended to use alternative stores. Instead, stay as long as possible in the official store of each operating system.