Judy Android Malware 36.5 Million Google Play Store Users Infected
Judy #Android Malware 36.5 Million #Google Play Store Users Infected.Judy #Android Malware 36.5 Million #Google Play Store Users Infected.Security researchers recently stated that they had discovered the largest malware campaign on Google Play Store. This malicious malware has got into around 36.5 million Android devices. Researchers report that it is a malicious ad-click software.
A blog post by the security firm Checkpoint on Thursday said that from the infected devices more than 41 Android applications, through a Korean company on Google Play Store had made money for its creators by designing false advertisement clicks through this malicious ware.
An adware program, dubbed Judy is contained by all malicious apps developed by Korea-based Kiniwini and published under the moniker ENISTUDIO Corp. These programs usually to generate fraudulent clicks to generate revenue from advertisements.
Moreover, the researchers also discovered a few more apps containing the same malware, published by other developers on Play Store.
The connection remains unclear, but researchers believe that it is possible that one developer borrowed code from the other, “knowingly or unknowingly.”
CheckPoint researchers say that “It is quite unusual to find an actual organization behind the mobile malware since purely malicious actors develop most of them,”
Apps on play store directly do not contain any malicious code that helped apps to bypass Google Bouncer protections.
After downloading, the app secretly registers user device to a remote command and control server, and then the actual malicious payload containing a JavaScript that starts the real malicious process is received.
According to the researchers, they say that “the malware begins the URLs using the user agent. Next, this malware imitates a PC browser in a private web page, and it receives a redirection to the special website page,”. Moreover, “When the targeted site is begun, the malware will use the JavaScript code to locate and click on the banners from the Google ads infrastructure.”
Though these malicious apps are actual legitimate games, they will act as a bridge to connect the victim’s device to the adware server in the background.
Once the connection is established, the malicious apps spoof user agents to imitate itself as a desktop browser to open a page and generate clicks.
Here below is Kiniwini develops a list of malicious apps and if you have any installed on your device, remove and kill it instantly:
• Fashion Judy: Snow Queen style
• Animal Judy: Persian cat care
• Fashion Judy: Pretty rapper
• Fashion Judy: Teacher style
• Animal Judy: Dragon care
• Chef Judy: Halloween Cookies
• Fashion Judy: Wedding Party
• Animal Judy: Teddy Bear care
• Fashion Judy: Bunny Girl Style
• Fashion Judy: Frozen Princess
• Chef Judy: Triangular Kimbap
• Chef Judy: Udong Maker – Cook
• Fashion Judy: Uniform style
• Animal Judy: Rabbit care
• Fashion Judy: Vampire style
• Animal Judy: Nine-Tailed Fox
• Chef Judy: Jelly Maker – Cook
• Chef Judy: Chicken Maker
• Animal Judy: Sea otter care
• Animal Judy: Elephant care
• Judy’s Happy House
• Chef Judy: Hotdog Maker – Cook
• Chef Judy: Birthday Food Maker
• Fashion Judy: Wedding day
• Fashion Judy: Waitress style
• Chef Judy: Character Lunch
• Chef Judy: Picnic Lunch Maker
• Animal Judy: Rudolph care
• Judy’s Hospital: Pediatrics
• Fashion Judy: Country style
• Animal Judy: Feral Cat care
• Fashion Judy: Twice Style
• Fashion Judy: Myth Style
• Animal Judy: Fennec Fox care
• Animal Judy: Dog care
• Fashion Judy: Couple Style
• Animal Judy: Cat care
• Fashion Judy: Halloween style
• Fashion Judy: EXO Style
• Chef Judy: Dalgona Maker
• Chef Judy: ServiceStation Food
• Judy’s Spa Salon
It is determined that the malicious apps were propagating for more than a year. Moreover, one of these apps was at least last updated on Play store in April last year 2016.
Google has now removed all the above-mentioned malicious apps from their Play Store. Be very concerned about downloading apps since Google Bouncer is not sufficient to keep bad apps out of the official store.