Android Malware “Judy” Infects 36.5 Million Users

Samantha Williams May 29, 2017

The world has still not overcome the rampant ransomware attacks, and the talk of the town is already the new Android malware “Judy”, which is allegedly attacking Android smartphones. Judy is said to be the largest malware campaign on Google Play, having attacked almost 36.5 million users, according to the security firm CheckPoint, which tracks viruses and malware infecting smartphones.

 

What is Judy Malware:

According to CheckPoint's analysis, Judy is auto-clicking adware that was found in 41 apps said to be developed by a Korean company. Judy is estimated to have hit almost 36.5 million Android devices, creating false clicks on ads and thereby generating generous revenue for the attackers.

 



 

What is Adware:

Adware is a piece of software that renders ads to generate profit for its developer.

 

What Happens after Judy infects an Android phone?

Judy is adware that mints money for its masters by creating fraudulent advertisement clicks after infecting a phone. Per CheckPoint, Judy bypassed Bouncer, Google Play’s protection, which made it easy for the hackers to create a seemingly benign bridgehead app, meant to establish a connection to the victim’s device, and insert it into the app store.

 

Once the user downloads the malicious app from the Play Store, it registers receivers in a silent manner and sets up a connection with a Command & Control (C&C) server. The C&C server then delivers the actual malicious payload. The payload consists of the “JavaScript code, a user-agent string and URLs controlled by the malware author,” says the firm. The URLs are used to open the target website, and the JavaScript code is used to locate and click on banners from the Google ads infrastructure. Each click means more money for the developers.

 

Who is behind Judy:

According to CheckPoint, the group behind the malware attack is Kiniwini, a South Korean company registered as ENISTUDIO corp on Google Play. The group develops mobile apps for both Android and iOS.

 

Presence on Google Play Store:

The malware is said to have been lurking on Google Play for almost a year. The oldest app containing the malware is said to have been on the Play Store since 2016. The Play Store's inability to detect such malicious apps has definitely left it under scrutiny.

 

Users Affected:

Per CheckPoint “The malicious apps reached an astonishing spread between 4.5 million and 18.5 million downloads. Some of the apps we discovered resided on Google Play for several years, but all were recently updated.”

 

Protection against Judy:

Though Google Play says that it regularly scans the Play Store for malicious apps, missing Judy clearly shows how ineffective the scan engine is.

 

According to CheckPoint, the Google Play Store has now removed all the apps that were said to contain the malware. However, owing to such a miss, users are advised to be extremely careful when downloading apps from the Play Store.

 

Also, the system should be kept updated with the latest security patches. Having an up-to-date anti-virus program is also recommended to keep your phone safe.

 
