According to a warning message from Trend Micro, third party Android app stores are riddled with dangerous malware capable of rooting victims' devices, delivering malicious ads and collecting user data.

From the latest data from the Trend Micro's Mobile App Reputation Service, a total of 1,163 malicious Android application packages (APKs) are laced with the malware known as ANDROIDOS_ LIBSKIN.A.
.
The malicious apps were available in 169 countries and was found in apps sold by at least four third-party app stores: Aptoide, Mobogenie, mobile9 and 9apps. Between Jan. 29 and Feb. 1, 2016, roughly 35 percent of infections took place in India, with approximately 28 percent occurring in Indonesia and just over 14 percent in the Philippines. Only 1.22 percent of detected infections took place within the U.S.

Unfortunately, people are inclined to download spoofed apps. According to Trend Micro: “These include popular mobile games, mobile security apps, camera apps, music streaming apps, and so on. They even share the exact same package and certification with their Google Play counterpart.”

The malware, once downloaded, splits into two files. One roots the device while the other creates pop up ads for other malicious downloads. In addition, the apps also allows hackers to collect a user's device data, including subscription IDs, device ID, language, network type, apps running, network name, and more.

Christopher Budd, global threat communications manager at Trend Micro, said: “They can install software in way that you can never see what's on there. They can turn your mobile device into a spam factory. With that level of access, the sky's the limit.”

As if users need a reminder, Trend Micro recommends that apps be downloaded from the official app store or the developers own website.

Source: SCMagazine