UPDATED 23:10 EST / MAY 29 2017

‘Judy’ malware infects up to 36.5M Android devices

A new form of malware dubbed “Judy” is believed to have infected the devices of up to 36.5 million Android users, according to research published last week.

Discovered by Check Point Software Technologies Ltd., Judy was found bundled with 41 apps in the Google Play Store developed by a Korean company called Kiniwini, which lists its apps under the name ENISTUDIO Corp. Judy acts as auto-clicking adware, a form of malware that uses infected devices to produce large numbers of fraudulent clicks on advertisements, generating revenue for the hackers who coded and spread the malware.

Although the malware is spread primarily by Kiniwini apps, the Check Point researchers also found it in a handful of apps from other companies listed in Google Play. “The connection between the two campaigns remains unclear, and it is possible that one borrowed code from the other, knowingly or unknowingly,” Check Point noted.

The malware itself starts operating from the moment an unsuspecting victim downloads an infected app, with Judy silently connecting to a command and control server. Interestingly, the initial infection doesn’t actually cause any harm, perhaps explaining why it passed Google’s inspection to begin with. The connection to the C&C server results in a download of a malicious payload that includes JavaScript code, a user-agent string and web addresses controlled by the malware author. Once up and running, the malware opens the URLs in a hidden webpage, using the user agent to imitate a personal computer browser, and then uses the JavaScript code to locate and click on advertising, with the malware author receiving payment for every ad clicked.
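The desktop user agent described above is also a network-side tell: a phone should not be sending a stream of requests that claim to come from a PC browser. The following is an added example, not code from Check Point or from this article, that flags known Android devices in a proxy log by that mismatch; the tab-separated log format, device names, hosts, inventory set and threshold are all assumptions.

```python
import re
from collections import defaultdict

# Platform tokens that desktop browsers place in their User-Agent string.
DESKTOP_UA = re.compile(r"Windows NT|Macintosh; Intel Mac OS X|X11; Linux x86_64")

MOBILE = ("Mozilla/5.0 (Linux; Android 7.0; Pixel) AppleWebKit/537.36 "
          "Chrome/58.0 Mobile Safari/537.36")
DESKTOP = ("Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 "
           "Chrome/58.0 Safari/537.36")

# Constructed sample proxy log, one request per line: device<TAB>user-agent<TAB>host.
# Device names and hosts are hypothetical, not indicators from the Judy campaign.
SAMPLE_LOG = "\n".join(
    ["phone-01\t%s\tnews.example" % MOBILE] * 3
    + ["phone-02\t%s\tads%d.example" % (DESKTOP, i) for i in range(6)]
    + ["phone-02\t%s\tgame.example" % MOBILE]
    + ["phone-03\t%s\tbank.example" % DESKTOP]        # one-off "request desktop site"
    + ["laptop-09\t%s\tads1.example" % DESKTOP] * 8   # real PC, not in the inventory
    + ["truncated line without tabs"]
)


def flag_ua_mismatch(log_text, android_devices, min_hits=5):
    """Return {device: sorted unique hosts} for devices known to be Android
    (e.g. from an MDM inventory, assumed here) that sent at least min_hits
    requests carrying a desktop User-Agent."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        parts = line.split("\t")
        if len(parts) != 3:
            continue  # skip malformed records instead of failing the whole run
        device, ua, host = parts
        if device not in android_devices:
            continue  # a desktop UA is only suspicious coming from a phone
        if "Android" not in ua and DESKTOP_UA.search(ua):
            hits[device].append(host)
    # The threshold keeps a user's occasional desktop-mode page view from alerting.
    return {d: sorted(set(h)) for d, h in hits.items() if len(h) >= min_hits}


if __name__ == "__main__":
    inventory = {"phone-01", "phone-02", "phone-03"}
    for device, hosts in flag_ua_mismatch(SAMPLE_LOG, inventory).items():
        print(device, "sent desktop-UA requests to", ", ".join(hosts))
```

A hit is a lead rather than a verdict, since browsers on Android can legitimately send a desktop user agent; correlate with the destination hosts and the apps installed on the device.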

Google likes to claim that Android users should only download apps from Google Play to avoid viruses and malware, but this case highlights that even that has risks. “Users cannot rely on the official app stores for their safety,” Check Point said.

The advice, as always, is to practice safe Internet, and for Android users that means at the very least having antivirus software running at all times.
