Malware called Judy to infect 36.5 million Android phone users

Written by Ali Leghari

More than 41 applications in the Google Play Store were discovered to be infected by a new malware named Judy. Researchers have estimated that over 8.5 million users were infected before the malware was discovered, and that this number might be as high as 36.5 million. These reports came from the security company Check Point, which is also the firm that discovered the malware. The firm informed Google immediately, and all of the known applications were removed from the Play Store soon after.

Check Point’s blog post claims that this is so-called ‘auto-clicking adware’, and it’s suspected that the developers of the malware are from South Korea.

The company suspected of being involved is Kiniwini, which appears in the Play Store as ENISTUDIO corp. The company is known to create applications for both iOS and Android. According to the researchers, the auto-clicking adware would use the phones to create fake clicks on online ads so that the creators of the ads could benefit from them. The apps themselves seem to have been ‘living’ on the Google Play Store for a long time, undetected.

The same malware was also found in other apps, created by other companies. Check Point has also noted that the malware seems to have survived in the Play Store since April 2016, which means that Google managed to overlook another big malware.

So, what does the malware do, exactly? The general idea is that it automatically clicks on ads, and therefore boosts the revenue for the companies that have posted them. After you download the app from the Play Store, the malware sets up a connection to the command and control server, which wasn’t on Google’s servers; that is probably why the malware managed to remain undetected for so long. It would then download the malicious payload.

This is proof of how unsafe the Play Store really can be, so customers should take great caution when downloading apps. Google’s team does as much as it can to find the malware that has managed to sneak through its defenses, but even they can’t find all of it, and Judy is proof enough.