Judy, An Android Malware Infects Up To 36.5 M Users

A new malware named ‘Judy’ has been found in over 41 apps on the Google Play Store, and it has infected between 8.5 million and 36.5 million users. This is according to a report from security research firm Check Point, which discovered the malware and alerted Google. The search giant has started removing the infected apps from the Play Store.
However, apps infected with the Judy malware have managed to reach 4.5 million to 18.5 million downloads on the Google Play Store. According to a blog post by Check Point, the Judy malware is “auto-clicking adware,” and the firm spotted it in apps developed by a company based in South Korea.
The company’s name is Kiniwini, which is listed on the Google Play Store as ENISTUDIO Corp, say the researchers. This firm develops apps for Android and iOS. The auto-clicking adware uses the infected devices to generate false clicks on ads, and thus revenue for the people behind it.
Check Point notes in the blog post, “The malicious apps reached an astonishing spread between 4.5 million and 18.5 million downloads. Some of the apps we discovered resided on Google Play for several years, but all were recently updated.”
The researchers have also found other apps on the Google Play Store that contain the malware, and these were developed by other companies. The research firm notes that the code had been present in an app since April 2016, so it managed to escape Google’s scrutiny for nearly a year.

So what exactly is ‘Judy’ malware, and how does it work?

The idea with Judy malware is to create false clicks on ads, and thus boost the revenue of these companies. Essentially the Judy malware bypassed Google Play Store’s protection, and the hackers created a “seemingly benign bridgehead app, meant to establish a connection to the victim’s device, and insert it into the app store.”
After the app is downloaded, it sets up a connection with the command and control server, which delivers the actual malicious payload. This includes the “JavaScript code, a user-agent string, and URLs controlled by the malware author,” explains the firm.
These URLs open a targeted website, and the JavaScript code is used to click on banners served by Google’s ad infrastructure. Each click means payment for the creator of the malware from the website developer. The code finds the ads by looking for frames that contain ads from Google’s ads infrastructure.
The Judy malware fiasco shows that even the Google Play Store misses malware at times, as it clearly did in this case. Google says that the Play Store works around the clock to automatically identify malware and apps that can pose a risk to the user. But in the case of the Judy malware, this is a big miss.

