APKPure, one of the largest alternative app stores, was the victim of a supply chain attack. The trojan built into it downloads and installs various apps, including other malicious payloads. Attackers injected the Android.Triada malware with a tainted advertisement SDK to deliver malware. Kaspersky has solved the problem with the release of the version 3.17.19, on April 9, a new version fixes a potential security problem, making APK Pure safer to use. The Triada Trojan is able to infiltrate all process running on the mobile devices.”]
Source: https://securityaffairs.co/wordpress/116635/cyber-crime/apkpure-client-malware.html