Rechercher
Contactez-nous Suivez-nous sur Twitter En francais English Language
 

Freely subscribe to our NEWSLETTER

Newsletter FR

Newsletter EN

Vulnérabilités

Unsubscribe

Kaspersky protects over 9,000 clients from malware attacks via infected marketplace app

April 2021 by Marc Jacob

Kaspersky experts have found malicious code in version 3.17.18 for the official client of the APKPure app store. To date, products belonging to 9,380 Kaspersky users have detected and blocked the threat.

According to the researchers, the code was found in the advertising library of the application. The code likely appeared there because of the app developers’ partnership with an unscrupulous advertiser. There was a similar case with the CamScanner incident, when a new advertising SDK from an unverified source was implemented.

The identified malicious code embedded in APKPure operates in the following way: upon launch of the application, the payload is decrypted and launched. It then collects information about the user device and sends it to the C&C server. Then, a Trojan is loaded that has much in common with the notorious Triada malware, in that it can perform a range of actions - from displaying and clicking ads to signing up for paid subscriptions and downloading other malware.

Afterwards, depending on the response received, the malware can:
? Show ads when the device is unlocked
? Open browser pages with ads repeatedly
? Load additional, executable modules

“Depending on the OS version, the Trojan can inflict various forms of damage on the victim. APKPure users with current Android versions are mostly at risk of having paid subscriptions and intrusive ads appear from nowhere. Users of smartphones who do not receive security updates are less fortunate: in outdated versions of the OS, the malware is capable of not only loading additional apps, but installing them on the system partition. This can result in an unremovable Trojan, like xHelper, getting onto the device. We were happy to inform the marketplace about the issue, which resulted in a fix for the version. We urge all APKPure users to immediately update the application to version 3.17.19,” comments Igor Golovin, security expert at Kaspersky.

Kaspersky solutions detected the malicious implant as HEUR:Trojan-Dropper.AndroidOS.Triada.ap.


See previous articles

    

See next articles


Your podcast Here

New, you can have your Podcast here. Contact us for more information ask:
Marc Brami
Phone: +33 1 40 92 05 55
Mail: ipsimp@free.fr

All new podcasts