Many Android apps sold through third-party websites are actually malware programs capable of rooting users' devices.
Many Android apps sold through third-party websites are actually malware programs capable of rooting users' devices.

Third-party app stores for Android phones have become a breeding ground for dangerous malware capable of rooting victims' devices, delivering malicious ads and collecting user data, warned security firm Trend Micro.

The latest data from Trend Micro's Mobile App Reputation Service revealed a total of 1,163 malicious Android application packages (APKs) laced with the malware known as ANDROIDOS_ LIBSKIN.A, the company reported in a blog post yesterday.

Furthermore, Trend Micro found that between Jan. 29 and Feb. 1, 2016, ANDROIDOS_LIBSKIN.A was downloaded in 169 countries and was found in apps sold by at least four third-party app stores: Aptoide, Mobogenie, mobile9 and 9apps. During that same four-day period, roughly 35 percent of infections took place in India, with approximately 28 percent occurring in Indonesia and just over 14 percent in the Philippines. Only 1.22 percent of detected infections took place within the U.S.

The incidents call into question the practice of downloading Android apps from third-party stores instead of the official Google Play store. Customers are sometimes tempted to go through independent online distributors to find better deals, Trend Micro's blog explains. Unfortunately, that sometimes leads people to download spoofed versions of popular apps. “These include popular mobile games, mobile security apps, camera apps, music streaming apps, and so on. They even share the exact same package and certification with their Google Play counterpart,” the blog reads.

The malware Trend Micro chose to profile for its report, ANDROIDOS_LIBSKIN.A, divides itself into two files upon execution. One file enables device rooting and also downloads malicious apps from a set of URLs into a device's system directory. The other file generates malicious pop-up ads for more unwanted apps. The malware also allows hackers to collect a user's device data, including subscription IDs, device ID, language, network type, apps running, network name, and more.

Ironically, malware authors seldom ever leverage the full capabilities gained from rooting a device. If they really want to, “They can install software in way that you can never see what's on there. They can turn your mobile device into a spam factory. With that level of access, the sky's the limit,” Christopher Budd, global threat communications manager at Trend Micro, told SCMagazine.com. But most of the time, these bad actors are simply too focused on quick-and-dirty profit schemes, he explained.

By and large, Trend Micro recommended that Android owners eschew third-party app stores and download only from Google Play or an app developer's own website. “Google not only has known, proven processes for gatekeeping and for making sure that what goes up meets their requirements for security and privacy, but they also have a robust process so that in those extremely rare instances something bad does slip through, they can go out and address it, said Budd.

With that said, the blog does acknowledge that “third-party app stores are implementing means to tighten their security.” And so if consumers do elect to shop at one, they should at least diligently research the site first, the blog explains.