Cdigo malicioso

Malware alerted in an unofficial Android app store

And we ended the week with another security alert for those of us who are users of Android mobile devices, which this time affects those who make use of the official APKPure application for Android, since researchers from Kaspersky Lab have recently found malicious code embedded in version 3.17.18, notifying the developers of this popular alternative application store about it yesterday, April 8, immediately taking the release of a new version that eliminates the problem.

Researchers warn that malicious code may act differently depending on the version of the Android system that is available, with worse luck users of more current versions of Android.

A malware capable of installing more malware on the device

In this regard, they warn of greater possibilities that users may be subjected to paid subscriptions and invasive ads appearing out of nowhere, but users of old versions of Android are not spared, especially if their models no longer receive security updates.

At this point, they point out not only that the malicious code is capable of loading additional applications, but also capable of installing them on the system partition, rendering the malware immovable from the device.

Kaspersky Lab recommends immediate uninstallation of the affected version and installation of the version that corrects the problem, in addition to scanning the system for other possible Trojans, recommending its own Kaspersky Internet Security for Android solution.

They consider this case to be a repeat of the CamScanner incident, in which an SDK from an unverified source could be used.

Experts always recommend that users should not install applications from unofficial stores, and APKPure is one of the many alternative options available for Android, being one of the most popular options, that allows users to download and install Android applications, even old versions, which in some cases may be out of print in the Google Play Store itself.

In fact, the APKPure client is not available for installation from the Google Play Store, and must be installed by enabling installation from unknown sources, at the user’s own risk and expense.

In any case, the alert has already been given, and it will be the users who must take action in the matter to avoid greater evils in their own devices, so they should not delay in taking action.

More information: Kaspersky