Gearlogy Staff

What??? ‘Judy’ Malware Potentially Hits Up to 36.5M Android Devices.

Up to 36.5 million Android devices may have been infected by malware that produced fake ad clicks and lined the pockets of its developers.

As outlined by security firm Check Point, 41 apps developed by Korea-based Kiniwini and published under the moniker ENISTUDIO Corp., “infected devices to generate large amounts of fraudulent clicks on advertisements, generating revenues for the perpetrators behind it.”

What is Judy malware?

The information about Judy comes from Check Point. The company, in a blog post on May 25, says that the malware was discovered by company researchers recently. “Check Point researchers discovered another widespread malware campaign on Google Play, Google’s official app store. The malware, dubbed “Judy”, is an auto-clicking adware which was found on 41 apps developed by a Korean company,” says Check Point.


What happens once Judy infects a phone?

Judy is adware. In other words, it tries to make money for its masters by creating fake ad clicks once it has infected a phone. The infection happens when a user downloads one of the apps through the Play Store. After infecting a phone, the app connects to a command and control (C&C) server managed by its creators. “To bypass Bouncer, Google Play’s protection, the hackers create a seemingly benign bridgehead app, meant to establish connection to the victim’s device, and insert it into the app store. Once a user downloads a malicious app, it silently registers receivers which establish a connection with the C&C server. The server replies with the actual malicious payload…,” notes Check Point.

How Judy operates:

To bypass Bouncer, Google Play’s protection, the hackers create a seemingly benign bridgehead app, meant to establish connection to the victim’s device, and insert it into the app store. Once a user downloads a malicious app, it silently registers receivers which establish a connection with the C&C server. The server replies with the actual malicious payload, which includes JavaScript code, a user-agent string and URLs controlled by the malware author. The malware opens the URLs using the user agent that imitates a PC browser in a hidden webpage and receives a redirection to another website. Once the targeted website is launched, the malware uses the JavaScript code to locate and click on banners from the Google ads infrastructure.


Upon clicking the ads, the malware author receives payment from the website developer, which pays for the illegitimate clicks and traffic.
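The PC-browser user agent described above is visible on the network: a device inventoried as Android that repeatedly sends desktop User-Agent strings stands out in proxy logs. The following Python is an added example, not code from Check Point or the original post; the log format, device inventory, host names and threshold are constructed assumptions.

```python
import csv
import io
from collections import defaultdict

# Constructed inventory (assumption): device id -> OS, as an MDM or DHCP
# fingerprinting source would supply it.
INVENTORY = {"dev-01": "android", "dev-02": "android", "dev-03": "windows"}

# Constructed proxy log lines: time, device id, host, User-Agent.
SAMPLE_LOG = '''\
09:00:01,dev-01,news.example,"Mozilla/5.0 (Linux; Android 7.0; SM-G930F) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0 Mobile Safari/537.36"
09:00:09,dev-01,news.example,"Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0 Safari/537.36"
09:01:00,dev-02,redirect.example,"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0 Safari/537.36"
09:01:02,dev-02,ads.example,"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0 Safari/537.36"
09:01:40,dev-02,ads.example,"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0 Safari/537.36"
09:02:00,dev-03,ads.example,"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0 Safari/537.36"
this line is malformed
'''

DESKTOP_TOKENS = ("Windows NT", "Macintosh", "X11")

def looks_desktop(ua):
    """True when the UA claims a desktop platform and carries no Android token."""
    return "Android" not in ua and any(token in ua for token in DESKTOP_TOKENS)

def flag_devices(log_text, inventory, threshold=3):
    """Map each Android device with >= threshold desktop-UA requests to its hosts."""
    # The threshold absorbs benign one-offs such as a browser's "desktop site" mode.
    hits = defaultdict(list)
    for row in csv.reader(io.StringIO(log_text)):
        if len(row) != 4:
            continue  # skip blank or malformed lines
        _time, device, host, ua = row
        if inventory.get(device) == "android" and looks_desktop(ua):
            hits[device].append(host)
    return {dev: sorted(set(hosts)) for dev, hosts in hits.items() if len(hosts) >= threshold}

if __name__ == "__main__":
    for device, hosts in flag_devices(SAMPLE_LOG, INVENTORY).items():
        print(device, "sent desktop User-Agents to", hosts)
```

A flagged device is a lead for review, not proof of infection; the result depends on how accurate the inventory is.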


How do you know if Judy has affected your phone or not?

The best way to find out is to check whether you have any of these apps installed. There is no other tool. If you have any of these apps installed, your phone is most likely infected. You should format your phone ASAP.


As seen in previous malware, such as DressCode, a high reputation does not necessarily indicate that the app is safe for use. Hackers can hide their apps’ real intentions or even manipulate users into leaving positive ratings, in some cases unknowingly. Users cannot rely on the official app stores for their safety, and should implement advanced security protections capable of detecting and blocking zero-day mobile malware.

Stay Safe!

Hope This Helps!




Information Brought To You By Biovolt Corporation.
