Recent developments from security experts have disclosed that APKPure carried malicious adware that was bombarding users with unwanted ads.
Popular open source APKPure:
APKPure is a widely popular open-source service that provides users with direct access to APK (Android app) files. Users can download these files onto their Android devices.
APKPure was set up in 2014 to allow Android users access to a vast bank of Android apps and games, including old versions, as well as app versions from other regions that are no longer on Android’s official app store Google Play.
It later launched an Android app, which also has to be installed outside Google Play, serving as its own app store to allow users to download older apps directly to their Android devices.
Detection of the malicious adware:
Kaspersky Lab, the cybersecurity and antivirus provider had reportedly notified APKPure of the malicious adware infecting their latest 3.17.18 version that was exfiltrating data from victims’ devices. Meanwhile, the adware campaigns ads on the infected devices’ lock screens and in the background to generate revenue for the adware operators.
Analysis of the open-source platform’s adware also reveals that it has the ability to download other malware, this jeopardizing the victims further.
The adware i.e. the malicious code SDK, was most probably injected into the open-source service from unverified sources, as was put forth by the researchers.
Updated version deployed by APKPure:
APKPure has since eliminated the adware and has delivered an updated version 3.17.19.
The website of the open source service no longer lists this adware-infected version.
Cybersecurity concerns posed:
As far as the popularity of APKPure is concerned security experts are of the opinion that installing apps outside of the official app stores is inherently a risky maneuver, as quality and security vary wildly.
It has commonly been observed that several Android malware require victims to install malicious apps from outside the app store and APKPure provides a viable environment for the exact scenario.