Security researchers at Kaspersky Lab have discovered malware embedded in the official APKPure app, a popular third-party Android app store, which is an alternative to Google's official Play Store.

The malware was embedded within an advertisement SDK included with APKPure version 3.7.18. According to experts, the malware is a variant of the Triada trojan, capable of spamming users of infected devices with ads, signing up for paid subscriptions and installing other malicious programs.

“The identified malicious code embedded in APKPure operates in the following way: upon launch of the application, the payload is decrypted and launched. Malware then collects information about the user device and sends it to the C&C server,” the experts explained.

The experts reported their findings to APKPure's developers, and soon, APKPure 3.17.19 version without malicious code was released.

Source: securitylab.ru