
A new malware affects millions of Android phones worldwide

A new malware called Judy has apparently been affecting Android phones worldwide. The malware was found in 41 apps on the Google Play Store, and it has infected between 8.5 million and 36.5 million users.

Check Point, a security research firm, discovered the malware and alerted Google. The search giant has started removing the infected apps from the Play Store.

The malware is auto-clicking adware that was found in 41 apps developed by a Korean company. It was also discovered that Judy has been hiding in app code since April 2016.

The apps that have been directly linked with Judy have been downloaded “between 4.5 million and 18.5 million” times, but there is no direct estimate of just how many devices have been affected.

Judy, being adware, tries to make money for its masters by creating fake ad clicks once it has infected a phone. The infection happens once a user downloads the app through the Play Store. After infecting a phone, the app connects to a command and control (C&C) centre managed by its creators.

In order to bypass Google Play’s protection, ‘Bouncer,’ the hackers create a seemingly benign bridgehead app, meant to establish a connection to the victim’s device, and insert it into the app store. Once a user downloads a malicious app, it silently registers receivers which establish a connection with the C&C server. The server replies with the actual malicious payload.

In other words, it doesn’t seem that Judy steals any information from a user. Instead, it seemingly uses a phone to generate fake ad clicks, which then make money for its creators.

But that doesn’t mean that we should not worry about Judy. The malware is very sophisticated, as evidenced by a design that can even defeat Google’s Bouncer protection. It’s just that at this moment Judy is probably not stealing anything from users. But with the secret gateway it creates between an infected phone and the malware server, it could possibly steal private details like credit card information and passwords from a phone with ease.

Another interesting part is that Judy comes from a known developer, a Korean company named Kiniwini, registered on Google Play as ENISTUDIO corp. The company develops mobile apps for both Android and iOS platforms. It is quite unusual to find an actual organisation behind mobile malware, as most of it is developed by purely malicious actors.

Since it has the capability to bypass Google Play’s protection, users should be careful while downloading any app from Google Play, as chances are high that the phone might get infected. Though Google has removed the apps that carry the malware, it is better for users to be cautious and not download unknown apps.
