Security researchers claim that APKPure, a very popular app for installing old or discontinued Android apps outside of Google’s App Store, contained malicious adware that flooded the victim’s device with unwanted ads.
Kaspersky Lab said it alerted APKPure on Thursday that its most recent version of the app, 3.17.18, contained malicious code that was siphoning data from a victim’s device without their knowledge, and pushing advertisements on the device lock screen and in the background to generate fraud. revenues for adware operators.
But the researchers said the malicious code had the ability to download other malware, potentially putting affected victims at additional risk.
The researchers said the developers of APKPure likely introduced the malicious code, known as a SDK or SDK, from an unverified source. APKPure has removed the malicious code and released a new version, 3.17.19, and the developers no longer list the malicious version on its site.
APKPure was introduced in 2014 to provide Android users with access to a vast bank of Android apps and games, including older versions, as well as versions of apps from other regions that are not available. more on the official Android Google Play App Store. It then launched an Android app, which also needs to be installed outside of Google Play, serving as its own app store to allow users to download older apps directly to their Android devices.
APKPure is ranked among the most popular sites on the internet.
But security experts have long warned against installing apps outside of official app stores because quality and security vary wildly as most Android malware forces victims to install malicious apps. outside of the app store. Google scans all Android apps that make it in Google Play, but some have already slipped through the cracks.
TechCrunch has contacted APKPure for comment, but has not received a response.