There’s a new piece of Android malware on the loose and it’s a doozy. Originally discovered by researchers at Check Point last week, the malware has been dubbed “Judy” and is potentially one of the most widely spread pieces of Android malware we’ve seen to date. It’s currently believed that upwards of 36.5 million Android devices may have already been infected.

As the firm explains, the malware “is an auto-clicking adware which was found on 41 apps developed by a Korean company.”

Check Point says ‘Judy’ generates fraudulent clicks on ads, which results in revenue for the perpetrators. They created a “benign bridgehead app”, meant to establish a connection to the user’s phone, and inserted it into the app store.

That means once a particular user downloads an app, it “silently registers receivers which establish a connection with the C&C server,” which in turn replies with the “malicious payload.”

Notably, Google is aware of the malware campaign and has removed the offending apps, which comprised several cooking and fashion games using the ‘Judy’ brand, from its online store.

The Korean publisher thought to be responsible for the infected apps is reportedly known as “ENISTUDIO,” though other publishers have also been said to have released apps with the malware included.

Precisely how the infected apps made it through the Google Play Store screening process remains unclear, but Check Point does offer the following explanation: “Hackers can hide their apps’ real intentions or even manipulate users into leaving positive ratings, in some cases unknowingly. Users cannot rely on the official app stores for their safety, and should implement advanced security protections capable of detecting and blocking zero-day mobile malware.”
