Judy malware found infecting nearly 36.5 million Android smartphones: Check Point research

By Karthekayan Iyer | Published on 29 May 2017

Judy malware has been found affecting 41 apps on the Google Play Store, and the search giant has started removing the infected apps.

Judy, a new piece of malware, has been found infecting 41 apps on the Google Play Store. Discovered by Check Point researchers, the malware has affected between 8.5 million and 36.5 million Android smartphones. Google recently announced that there are over 2 billion active Android smartphones globally.

According to a report by Check Point researchers, Judy is auto-clicking adware designed to generate revenue for its perpetrators by producing large numbers of fraudulent clicks on advertisements. The malicious apps have been downloaded between 4.5 million and 18.5 million times, and some of them have been on the Play Store for several years. Check Point has reportedly alerted Google about the malware, and the search giant has started removing the infected apps.

Check Point says, "Judy relies on the communication with its Command and Control server (C&C) for its operation." This makes it similar to the FalseGuide and Skinner malware that previously infiltrated Google Play.

Judy has been found bypassing Bouncer, a security service for the official Android app store. This allows hackers to create bridgehead apps and establish a connection with the victim's device. "Once a user downloads a malicious app, it silently registers receivers which establish a connection with the C&C server," Check Point noted. The malware then opens URLs controlled by its author in an imitated PC browser within a hidden webpage. It uses JavaScript to locate and click on ads, and the malware author receives payment from the website developer.

Security researchers note that most of the apps infected with Judy were developed by ENISTUDIO corp, a Google Play registered entity run by a Korean company named Kiniwini. The company develops apps for both Android and iOS platforms, and has been found making illegitimate use of users' mobile devices to generate false clicks on advertisements. Google Play users have also reported that these apps display a large number of ads, leaving users with no option but to click on them.

While Google Play has been infected with malware multiple times in the past, the reach of Judy makes it a significant threat to Android users. Check Point researchers caution users against relying solely on the official app stores for their safety, and recommend also using advanced software protection tools capable of detecting such threats and blocking zero-day attacks.
