Android Judy Malware

Yet another malicious campaign has been found on Google Play, and it has infected thousands of Android devices. The 'Judy' malware is adware that generates fraudulent ad clicks, which in turn earn its creator huge revenue from the web developer. Once a device is affected, it produces false clicks. It has been noticed, and is believed, that almost 41 apps are spreading this malware.

It was also found that many apps from other developers on Google Play contained the malware. This malware appears to have been on Google Play for some time.

A couple of weeks back, millions of computers were hit by 'WannaCry', and more than 200,000 cases were reported. By the time that could be sorted out, there was another attack on computers. The report from Check Point states that the malware is called 'Judy' and that the 41 apps spreading this malicious code were developed by the Korea-based Kiniwini and published under ENISTUDIO Corp. It is speculated that the malware was downloaded onto around 18.5 million devices. A further 36.5 million may be affected by it.

The question here is how it could get into Google Play despite the 'security bound' the store has. The fraudulent apps simply act as a bridge between the user's device and the ad server. Once the connection is established, the malware imitates a PC browser and opens a page on which to generate clicks.

Once the app is downloaded, it sets up a connection with the command and control server, which delivers the actual malicious payload. The payload includes JavaScript code, a user-agent string and URLs, all controlled by the creator of the malware.


The URLs then open the targeted website, and the JavaScript code is used to click on banners from the Google ad tech. It finds ads by searching for iframes that contain ads from the Google ads infrastructure.
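The behaviour described above (an Android app presenting a PC browser user-agent while loading Google ad content) leaves a trace in web proxy logs. The following is an added detection sketch, not code from Check Point or from this article; the tab-separated log layout, the ad host suffix list, the threshold and the sample lines are all assumptions made for illustration.

```python
from collections import defaultdict

# Assumption: host suffixes treated as Google ad infrastructure; adjust to your logs.
AD_SUFFIXES = ("doubleclick.net", "googlesyndication.com", "googleadservices.com")
DESKTOP_TOKENS = ("Windows NT", "Macintosh", "X11")

def ua_family(ua):
    """Classify a User-Agent string as 'android', 'desktop' or 'other'."""
    if "Android" in ua or ua.startswith("Dalvik/"):
        return "android"
    if any(tok in ua for tok in DESKTOP_TOKENS):
        return "desktop"
    return "other"

def is_ad_host(host):
    """True if host equals or is a subdomain of one of the ad suffixes."""
    host = host.lower().rstrip(".")
    return any(host == s or host.endswith("." + s) for s in AD_SUFFIXES)

def suspicious_clients(lines, min_ad_hits=3):
    """Clients seen as Android that also send desktop-UA requests to ad hosts."""
    families = defaultdict(set)        # client -> UA families it has presented
    desktop_ad_hits = defaultdict(int)  # client -> desktop-UA requests to ad hosts
    for line in lines:
        parts = line.rstrip("\n").split("\t")
        if len(parts) != 4:
            continue  # skip malformed lines instead of aborting the run
        _, client, host, ua = parts
        fam = ua_family(ua)
        families[client].add(fam)
        if fam == "desktop" and is_ad_host(host):
            desktop_ad_hits[client] += 1
    return {c: n for c, n in desktop_ad_hits.items()
            if n >= min_ad_hits and "android" in families[c]}

# Constructed sample log lines (not real traffic): time, client, host, User-Agent.
PC_UA = "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 Chrome/58.0 Safari/537.36"
DROID_UA = "Dalvik/2.1.0 (Linux; U; Android 6.0; Nexus 5 Build/MRA58N)"
SAMPLE = (
    [f"t0\t10.0.0.7\tapi.example.com\t{DROID_UA}"]
    + [f"t{i}\t10.0.0.7\tpagead2.googlesyndication.com\t{PC_UA}" for i in range(1, 4)]
    + [f"t{i}\t10.0.0.9\tad.doubleclick.net\t{PC_UA}" for i in range(4, 9)]
    + [f"t9\t10.0.0.12\tad.doubleclick.net\t{DROID_UA}", "malformed line"]
)

if __name__ == "__main__":
    print(suspicious_clients(SAMPLE))
```

Clients behind shared NAT and Android browsers set to "desktop site" mode also match this pattern, so a hit is a lead for triage rather than a verdict.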

The solution here is to check the list of apps published by Check Point, so as not to get caught by the malware. Google has, however, removed the malicious apps and has updated Bouncer, the protection mechanism that scans apps to identify malicious ones.