It was recently reported that four third-party Android app stores have apps that contain malicious components. These malicious apps were reportedly capable of looking for root access to specific devices which makes them very dangerous.
The malicious apps were first reported by Trend Micro and claims that the company found 1,163 Android application packages that contain the malware caked ANDROIDOS_LIBSKIN.A. The report added that the malware can obtain root access to infected devices. Root access is the highest level of access and privilege for any device, which means once the device is infected, the malware can pretty much do whatever it wants without the user knowing it.
Apps containing the malware were downloaded across 169 countries from Jan. 29 and Feb.1. Infected apps were known to be hosted on third-party Android app stores like 9apps, mobile9, Aptoide and Mobogenie, according to PC World.
Security experts have long warned users to keep away from downloading apps from unverified sources. These third-party app stores, most of the time, is where malicious apps originate since they are not properly scanned by Google's security team.
Moreover, the recently discovered malwares were hidden deep inside legitimate apps like games or video streaming apps. Once these infected apps are downloaded, the malware can execute codes that will download more malicious contents into the device without the user knowing it.
Trend Micro mobile threat analysts Jordan Pan wrote on the Trend Micro blog, "These secretly downloaded apps will then present themselves as ads luring users to download other apps from time to time. It can also be used to collect user data."
On the other hand, these malicious apps can present themselves as ads that pop up from time to time. Since these ads randomly appear, users will have no idea which app triggers the ads.
There is also the possibility that malwares can collect a wide range of sensitive user data store on the infected device. These data can include device ID, network ID as well as information of other apps that are running on the background.
Security experts always advise users to keep away from third-party app stores as much as possible. One way to make sure that the apps being downloaded are legitimate is to download it straight from the developer's website.