{ "id": "c11b350e-b011-496f-8094-28a5addf1a4e", "created_at": "2026-04-06T00:18:14.823258Z", "updated_at": "2026-04-10T03:30:33.293186Z", "deleted_at": null, "sha1_hash": "86ad231ad2c62ec63282b3e0ccf15f623b0462a2", "title": "Danger lurks in third-party Android app stores", "llm_title": "", "authors": "", "file_creation_date": "0001-01-01T00:00:00Z", "file_modification_date": "0001-01-01T00:00:00Z", "file_size": 33070, "plain_text": "Danger lurks in third-party Android app stores\r\nBy A Prasad\r\nPublished: 2016-02-19 ยท Archived: 2026-04-05 19:24:42 UTC\r\nAs the adoption of smartphones and the reliance on mobile apps increases, security has become a critical issue\r\ndepending on where the apps are downloaded from. Security firms have found that third-party app stores harbour\r\ndangers of malware capable of rooting victims' devices, delivering malicious ads and collecting sensitive user data\r\nfrom the mobile phones.\r\nRecent Google data shows that devices of users who have sideloaded or installed apps from third- party app stores\r\nhave a higher chance of getting infected than those of users who install apps only from Google's Play store.\r\nSpeaking at a Kaspersky Lab Security Analyst Summit, Elena Kovakina of Google's Android security team said\r\nGoogle scans more than two million apps every week for its 1.4 billion Android users, and collects a lot of data\r\nfrom its users. She stressed that using the Play store is much safer than using third-party app stores. \"It turns out\r\nthat using only Play is ten times safer than side-loading too,\" she said.\r\nShe added that countries like Iran, India, and Indonesia typically have the highest rates of PHA (potentially\r\nharmful app) installation, so much that about 2%-2.5% of devices have at least one PHA installed.\r\nThe apps from these stores often appear legitimate and function normally, but may contain malware that tricks the\r\nuser into downloading malicious code that can take complete control of the user's device by gaining root access.\r\nThe malware can then collect all sensitive and personal user data on the device. The apps also mimic popular\r\napps, increasing the chances of getting selected and downloaded. These include mobile games, mobile security\r\napps, camera apps and music streaming apps. Some known third party app stores are Nineapps, Mobogenie,\r\nGetjar, Aptoide, Vshare, and Onemobile.\r\nOne of the most recent malware families spread through these types of third party app stores is\r\nANDROIDOS_LIBSKIN.A. Another malware doing the rounds is the Mazar Bot that gives attackers full\r\nadministrative rights to monitor and control users' phones. Another one is the \"trojanised adware\" known as\r\nShuanet, Kemoge and Shudun. The malware could insert adware into 20,000 commonly-used apps like Facebook,\r\nCandy Crush Saga, Twitter, WhatsApp and Snapchat.\r\nSource: https://www.ibtimes.co.uk/danger-lurks-third-party-android-app-stores-1544861\r\nhttps://www.ibtimes.co.uk/danger-lurks-third-party-android-app-stores-1544861\r\nPage 1 of 1", "extraction_quality": 1, "language": "EN", "sources": [ "MITRE" ], "references": [ "https://www.ibtimes.co.uk/danger-lurks-third-party-android-app-stores-1544861" ], "report_names": [ "danger-lurks-third-party-android-app-stores-1544861" ], "threat_actors": [ { "id": "75108fc1-7f6a-450e-b024-10284f3f62bb", "created_at": "2024-11-01T02:00:52.756877Z", "updated_at": "2026-04-10T02:00:05.273746Z", "deleted_at": null, "main_name": "Play", "aliases": null, "source_name": "MITRE:Play", "tools": [ "Nltest", "AdFind", "PsExec", "Wevtutil", "Cobalt Strike", "Playcrypt", "Mimikatz" ], "source_id": "MITRE", "reports": null } ], "ts_created_at": 1775434694, "ts_updated_at": 1775791833, "ts_creation_date": 0, "ts_modification_date": 0, "files": { "pdf": "https://archive.orkl.eu/86ad231ad2c62ec63282b3e0ccf15f623b0462a2.pdf", "text": "https://archive.orkl.eu/86ad231ad2c62ec63282b3e0ccf15f623b0462a2.txt", "img": "https://archive.orkl.eu/86ad231ad2c62ec63282b3e0ccf15f623b0462a2.jpg" } }