Four third-party app stores for Android have apps with a malicious component that seeks root access to devices, according to Trend Micro.
The security company found 1,163 Android application packages containing the malware, which it calls ANDROIDOS_ LIBSKIN.A, wrote Jordan Pan, a mobile threats analyst with Trend. The malware obtains root access to the phone, the highest level of access and privilege.
The apps containing the component were downloaded across 169 countries between Jan. 29 and Feb. 1 from marketplaces called Aptoide, Mobogenie, mobile9 and 9apps.
"We have already contacted these stores and informed them about these threats, but as of this writing, we have yet to receive any confirmation from their end," Pan wrote.
Security experts have long advised that people steer away from third-party apps stores, which may not have the same quality control as Google's Play store. Google vets the apps that are allowed on its store, although malicious ones sometimes slip in.
The malicious component found by Trend is wrapped into legitimate applications, such as games or music streaming apps. The malware can download other apps to a phone without a user's knowledge, Pan wrote.
"These secretly downloaded apps will then present themselves as ads luring users to download other apps from time to time," he wrote. "It can also be used to collect user data."
When pop-up ads begin appearing, it's not clear to the phone's user what app is generating the ads.
"The popups lure users into clicking unwanted apps," Pan wrote. "Clicking on the ads may not necessarily lead the user to the respective app or site."
The malware also collects a variety of data, including the device ID, network, other apps that are running on the device and more.