Author

Topic: Apkpure official app breached with trojan (Read 251 times)

hero member
Activity: 2520
Merit: 952
April 15, 2021, 09:03:50 PM
#23
Im curious but what device are people typically doing this on?  Like an android phone mostly?  But if you use say chromebook etc...

Yes, I'm on android and what's with chromebook?
hero member
Activity: 2268
Merit: 579
Vave.com - Crypto Casino
Thanks for sharing the news but if Google playstore and Apple store was said to not moderator every apps on their platform very well due to some apps been used for illegal activities I don't think anyone whatsoever should trust or use a third party platform to download anything online.

That's true but if you were to put yourselves in shoes of these stores, you would realize its hard to keep track of every single uploaded/modified app when they are thousands, they gonna of course try to automate the verification criteria, and every thing has flaws, in the end you can only trust yourself.
I understand what you point out but if they respect their reputation and the wellness of the people that use their service they shouldn't have to use automated verification.
They ought to employ more people, pause and also make every new app which they are yet to verify unavailable to the public.
full member
Activity: 1750
Merit: 186
Im curious but what device are people typically doing this on?  Like an android phone mostly?  But if you use say chromebook etc...
legendary
Activity: 1708
Merit: 1280
Top Crypto Casino
Apkpure and Google play store is the same but the problem is on the apkpure there's no filter the application and the codes submitted to their platform even we say they have the same developer and other information still its not hard to monitor those applications its better if we download to the reliable sources than risking our devices mostly if it consists money involved.

~
Would you consider Huawei a bad company? Their phones do not have play store or any Google services installed on their new harmony os, because Google barred their license however it does support android apps and you are gonna go to third party to download them.

Huawei does not have its GSM so they have to build their own this is the reason they have the Huawei App Galery but some of the applications you want are not there yet so the last option is using their party applications. I think it's better like get the apk from other people like your friend and can transfer it to you I think this is the best way for now.
hero member
Activity: 2520
Merit: 952
Thanks for sharing the news but if Google playstore and Apple store was said to not moderator every apps on their platform very well due to some apps been used for illegal activities I don't think anyone whatsoever should trust or use a third party platform to download anything online.

That's true but if you were to put yourselves in shoes of these stores, you would realize its hard to keep track of every single uploaded/modified app when they are thousands, they gonna of course try to automate the verification criteria, and every thing has flaws, in the end you can only trust yourself.
hero member
Activity: 2268
Merit: 579
Vave.com - Crypto Casino
Thanks for sharing the news but if Google playstore and Apple store was said to not moderator every apps on their platform very well due to some apps been used for illegal activities I don't think anyone whatsoever should trust or use a third party platform to download anything online.
jr. member
Activity: 109
Merit: 2
People often use third party apps to download android apps in absence of play store, there are reasons of course, I have been guilty of doing same.

Yesterday, the popular third party android app hosting site apkpure's android app was infected with trojan.

Everyone who downloaded their official app or had auto updates turned on was fucked.

Of course, neither is Google play 100% safe but reduces the likelihood of infected apps.

Kaspersky print: https://www.kaspersky.com/blog/infected-apkpure/39273/amp/

apkpure is one of the best website for android apps. As you can also download premium apps completely free. It's really bad news that it affected by TORJAN.
and you wrote about google that its not secured. Its not only google. Whenever you connected with internet your data is at risk.
legendary
Activity: 1134
Merit: 1598
Why download it from a third-party when you can download it from the play store? If your phone doesn't have a play store then don't buy that kind of phone because you know you are already in a big risk of infecting your phone because not everything you find on the internet is safe.
Yeah, seems like Google Play isn't safe either. Have you ever checked the Scam Accusations board? See how many Play Store apps are reported over there! There's at least one new app every day!

Google doesn't provide safety. They're just money-eating machines. As long as you pay your fees towards them and they make money off you, who cares what you're uploading on their servers?

Best thing you can do is verify installation files before actually installing them. Don't just blindly trust random apps, even from reputable sources. You never know when the "reputable source" you used to trust is attacked and maliciously changed so that while it looks like everything's the same, the executable is infected. Verify before install.
tyz
legendary
Activity: 3360
Merit: 1533
People often use third party apps to download android apps in absence of play store, there are reasons of course, I have been guilty of doing same.

Yesterday, the popular third party android app hosting site apkpure's android app was infected with trojan.

Everyone who downloaded their official app or had auto updates turned on was fucked.

Of course, neither is Google play 100% safe but reduces the likelihood of infected apps.

Kaspersky print: https://www.kaspersky.com/blog/infected-apkpure/39273/amp/


It's common especially in androids where third-party applications can be download and install easily on a smartphone, it kinda likes the thing when it comes to android phones where you get much freedom but more risk in getting these trojans and malware.

Okay, this explains for the first time the reason why there are always serious security problems with Android apps that have not been seen before with Apple. If it is really the case that not a less number of device users download and install Android apps from third-party sites, then I am not surprised anymore.
sr. member
Activity: 2506
Merit: 368
Why download it from a third-party when you can download it from the play store? If your phone doesn't have a play store then don't buy that kind of phone because you know you are already in a big risk of infecting your phone because not everything you find on the internet is safe.

Now, the question is, how many users downloaded an app that's infected with the virus? Are they aware of what is happening? What if they don't know they've downloaded an infected apps? If anyone have an important information on their phone they should avoid downloading from unverified sources especially straight from the internet.
legendary
Activity: 1134
Merit: 1598
Pro-tip: if you download weird apps or so, install Shelter first and install your apps through it or create a new Android user. If anything goes wrong, just remove the user or work profile.

What Shelter does is the closest you can get to sandboxing on any Android build. Same goes for new users.

Anyway, even if you have a new user or a work profile, staying away at all from non-verified third-party apps is a bad idea from the beginning. As others said, if you have any valuable info on your phone, it's a good idea to consider purchasing a secondary device so that you protect your sensitive data from such malicious stuff.
hero member
Activity: 2520
Merit: 952
Quote
Sorry, but why download apps from a third party to your smartphone, where basically all private information about you is stored when you can get the app from the official Play Store at the same time, where before uploading a security check is done by Google? That is absolutely stupid! It's good that you warn here, but downloading apps from apkpure and other similar sites is only recommended for testers, developers and security engineers, never for "normal" users.

Well, there are reasons. Google restricts apps you see based on your region. Then there are companies who don't have Google play installed, huawei, meizu. Or times when you flash custom rom.

Edit: Typo! Thanks @UserU!

Really, there are companies that ship an Android device without the Play Store? Why would you even buy a device from such a company..

Would you consider Huawei a bad company? Their phones do not have play store or any Google services installed on their new harmony os, because Google barred their license however it does support android apps and you are gonna go to third party to download them.
legendary
Activity: 2072
Merit: 4265
✿♥‿♥✿


Really, there are companies that ship an Android device without the Play Store? Why would you even buy a device from such a company if you know that you will have to get many apps from insecure sources? You must realize that sites like ApkPure have little quality control and app versions with spyware or viruses can be easily infiltrated.

I especially wouldn't use such sites if you're doing sensitive stuff like crypto or online banking with the device only for testing purposes.

I agree with you with all hands. It looks very silly, knowing that there is a risk of infection and data loss, you still go and download applications from unknown sources. I repeat the simple truth many times that some people learn from the mistakes of others, while others need to step on the rake several times to understand that they are doing something wrong. If there are especially risks of losing finances, you can simply offer such eccentrics to put all their cards and pin codes, or private keys to cryptocurrency, on the network.
Mobile devices are not very expensive today, and you can have several for different purposes.
copper member
Activity: 2114
Merit: 1814
฿itcoin for all, All for ฿itcoin.
I don't have the APKpure app on my phone, but I have downloaded apps in the third party app stores in the past. Knowing the danger this kind of practice might cause, I decided to get another mobile device strictly for crypto (mostly wallet and exchange apps) and the other devices for other common apps and game mods from APKpure site and other app stores.

Thanks for the eye-opener though  Wink
legendary
Activity: 3234
Merit: 1375
Slava Ukraini!
Thanks for warning! I have downloaded apps from Apkure so many times, but haven't done it recently. Also, I have never installed their own app, I always download apps directly from their website. So, it seems that I'm safe in this case.
But in general, probably it's not smartest idea to download apps from third party websites like Apkure, Aptoid and similar. Especially if you keep crypto on your phone, have bank account connected or have other important stuff on your phone. I said that I did it myself, but not on phone. Most of times I downloaded apps to my Android TV box simply because on Play Store many apps that I needed weren't available for that device.
sr. member
Activity: 1820
Merit: 436
People often use third party apps to download android apps in absence of play store, there are reasons of course, I have been guilty of doing same.

Yesterday, the popular third party android app hosting site apkpure's android app was infected with trojan.

Everyone who downloaded their official app or had auto updates turned on was fucked.

Of course, neither is Google play 100% safe but reduces the likelihood of infected apps.

Kaspersky print: https://www.kaspersky.com/blog/infected-apkpure/39273/amp/


It's common especially in androids where third-party applications can be download and install easily on a smartphone, it kinda likes the thing when it comes to android phones where you get much freedom but more risk in getting these trojans and malware.

But android mostly uses and trusts the google play store but we know that there are fakes applications as well, but it's more filtered compared to when you download directly on the internet where millions of fake applications and apps are everywhere.

What I mean here is it's android, so what happened to apk pure could also happen to other applications, and there nothing much that we can do to avoid it but just to be careful picking the applications to download, unless maybe if you buy a Apple products that has a lot more restrictions where it doesn't allow you to install some application.
tyz
legendary
Activity: 3360
Merit: 1533
Quote
Sorry, but why download apps from a third party to your smartphone, where basically all private information about you is stored when you can get the app from the official Play Store at the same time, where before uploading a security check is done by Google? That is absolutely stupid! It's good that you warn here, but downloading apps from apkpure and other similar sites is only recommended for testers, developers and security engineers, never for "normal" users.

Well, there are reasons. Google restricts apps you see based on your region. Then there are companies who don't have Google play installed, huawei, meizu. Or times when you flash custom rom.

Edit: Typo! Thanks @UserU!

Really, there are companies that ship an Android device without the Play Store? Why would you even buy a device from such a company if you know that you will have to get many apps from insecure sources? You must realize that sites like ApkPure have little quality control and app versions with spyware or viruses can be easily infiltrated.

I especially wouldn't use such sites if you're doing sensitive stuff like crypto or online banking with the device only for testing purposes.
legendary
Activity: 3038
Merit: 4418
Crypto Swap Exchange
Google Play encourages phishing, they don't actively check for those apps but only does malware detection. Android does run each apps in their individual sandbox so it will limit the spillover effect quite a bit though I'm sure certain zero day exploits can bypass this. Google Play apps can still evade malware detection and it has happened before. If anything SolarWinds or CCleaner has taught us, even the more popular and well known apps can still be compromised.
hero member
Activity: 2128
Merit: 532
FREE passive income eBook @ tinyurl.com/PIA10
Well, there are reasons. Google restricts apps you see based on your religion. Then there are companies who don't have Google play installed, huawei, meizu. Or times when you flash custom rom.

I think you meant region. I'd be sad if Google doesn't allow me to download Forex apps because of riba if I'm a Muslim Grin
hero member
Activity: 2520
Merit: 952
Of course, neither is Google play 100% safe but reduces the likelihood of infected apps.
Google is far from being 100% safe, with its poor security filter system, phishing apps not only gets displayed, but gets recommended on search engines top pages.
Internet users, especially those who are into Bitcoin where you're basically your own bank, should take extra precautions to protect themselves;
• Keep your funds on an airgapped device or hardware wallet,
• If you have exchange accounts and other sensitive information on your device, only download apps that are absolutely necessary and always from their original website (verify the signature key if possible),

I figure there are less chances of trojan/malwares getting through play store unlike case above. Regarding phishing apps, it's more due to scammers take advantage of text input as it's unlikely to raise suspicion.

~

Sorry, but why download apps from a third party to your smartphone, where basically all private information about you is stored when you can get the app from the official Play Store at the same time, where before uploading a security check is done by Google? That is absolutely stupid! It's good that you warn here, but downloading apps from apkpure and other similar sites is only recommended for testers, developers and security engineers, never for "normal" users.

Well, there are reasons. Google restricts apps you see based on your region. Then there are companies who don't have Google play installed, huawei, meizu. Or times when you flash custom rom.

Edit: Typo! Thanks @UserU!
tyz
legendary
Activity: 3360
Merit: 1533
People often use third party apps to download android apps in absence of play store, there are reasons of course, I have been guilty of doing same.

Yesterday, the popular third party android app hosting site apkpure's android app was infected with trojan.

Everyone who downloaded their official app or had auto updates turned on was fucked.

Of course, neither is Google play 100% safe but reduces the likelihood of infected apps.

Kaspersky print: https://www.kaspersky.com/blog/infected-apkpure/39273/amp/

Sorry, but why download apps from a third party to your smartphone, where basically all private information about you is stored when you can get the app from the official Play Store at the same time, where before uploading a security check is done by Google? That is absolutely stupid! It's good that you warn here, but downloading apps from apkpure and other similar sites is only recommended for testers, developers and security engineers, never for "normal" users.
legendary
Activity: 2114
Merit: 2248
Playgram - The Telegram Casino
Of course, neither is Google play 100% safe but reduces the likelihood of infected apps.
Google is far from being 100% safe, with its poor security filter system, phishing apps not only gets displayed, but gets recommended on search engines top pages.
Internet users, especially those who are into Bitcoin where you're basically your own bank, should take extra precautions to protect themselves;
• Keep your funds on an airgapped device or hardware wallet,
• If you have exchange accounts and other sensitive information on your device, only download apps that are absolutely necessary and always from their original website (verify the signature key if possible),
hero member
Activity: 2520
Merit: 952
People often use third party apps to download android apps in absence of play store, there are reasons of course, I have been guilty of doing same.

Yesterday, the popular third party android app hosting site apkpure's android app was infected with trojan.

Everyone who downloaded their official app or had auto updates turned on was fucked.

Of course, neither is Google play 100% safe but reduces the likelihood of infected apps.

Kaspersky print: https://www.kaspersky.com/blog/infected-apkpure/39273/amp/



Jump to: