Judy, a new malware, has been found infecting 41 apps on the Google Play Store. Discovered by Check Point researchers, the malware has affected between 8.5 million to 36.5 million Android smartphones. Google recently announced that there are over 2 billion active Android smartphones globally.
According to a report by Check Point researchers, Judy malware is an auto-clicking adware designed to generate revenues for its perpetrators by generating large amount of fraudulent clicks on advertisements. These malicious apps have been downloaded between 4.5 million and 18.5 million times and some of these apps have been on Play Store for several years. Check Point has reportedly alerted Google about the malware and the search giant has started removing these infected apps.
Check Point says, "Judy relies on the communication with its Command and Control server (C&C) for its operation." This makes it similar to FalseGuide and Skinner malwares that previously infiltrated Google Play.
Judy has been found bypassing Bouncer, a security service for the official Android app store. This allows hackers to create bridgehead apps and establish a connection with the victim's device. "Once a user downloads a malicious app, it silently registers receivers which establish a connection with the C&C server," Check Point noted. The malware has been found opening URLs controlled by the author on an imitated PC browser within a hidden webpage. The malware uses JavaScipt to locate and click on ads and the malware author receives payment from the website developer.
Security researchers note that most of these Judy malware infected apps have been developed by ENISTUDIO corp, a Google Play registered entity run by a Korean company named Kiniwini. The company develops apps for both Android and iOS platforms, and is found making illegimate use of the users' mobile devices for generating false clicks on advertisements. Google Play users have also reported that these apps display large amount of ads, leaving users with no option but to click on them.
While Google Play has been infected with multiple malwares in the past, the reach of Judy makes it a significant threat to Android users. Check Point researchers caution users of not just relying on the official app stores for their safety, and instead using advanced software protection tools capable of detecting such threats and blocking zero-day attacks.