The “Judy” malware has infected millions of Android smartphone users all over the globe, a security research firm revealed after uncovering more than 50 apps in Google Play containing codes for the malicious software.
According to security researchers and mobile experts at Check Point, an auto-clicking malware dubbed they now call “Judy” may already be the biggest malware campaign found on Google Play.
Based on the team’s report posted on May 25, the malware which was discovered to be embedded in 41 Android apps developed by Korean company Kiniwini already has reached millions of Android users in the world. According to them, the malicious apps containing the Judy malware already has a staggering download count between 4.5 million and 18.5 million.
According to the report, the firm behind the malware was registered in the Platy Store as ENISTUDIO Corp., the developer for popular cooking games including Chef Judy: Picnic Lunch Maker.
Aside from that, the team unearthed more apps on Google Play that may contain the codes for the ad-clicking software that were not developed by the initial perpetrators. The connection between the 41 apps with malware codes in them as well as the ones from other developers remain a mystery. However, Check Point experts have a theory about how they gained access to the malware.
“The connection between the two campaigns remains unclear, and it is possible that one borrowed code from the other, knowingly or unknowingly.”
The team’s research on revealed that the malware acts by infecting a device with a click-generating software that “clicks” on advertisements without the knowledge of the user. This, in turn, generate more revenue for the people behind the Judy malware.
From what the team’s research discovered, the oldest of the other Google Play apps with the malicious software was last updated in April 2016 which means that the code has been hidden for quite a while in the Android application store.
Fortunately, Google immediately took action after the security research firm submitted their report unveiling the malware and has since removed all apps that may contain its code.
Still, security provided to Android users by the Google Bouncer, Play Store’s protection system, can only do as much considering that the culprits behind the malware found a way to pass the screening without getting detected by not adding the malicious part of the code to the software immediately.
Speaking to BBC, Open University Networking Senior Lecturer Andrew Smith revealed that after being downloaded, the Judy malware quietly runs a registration of the user’s device to a remote server that responds with the malicious ad-click part of the code.
While it may sound clever to people who are not well-versed with technical stuff, this delivery “has become commonplace,” according to Smith.
“There are many tools available, and the advantage is that the malware distributor can change them remotely, which makes it difficult for anti-malware software to keep up.”
The general rule in preventing online junk like the Judy malware to infect one’s devices is to vigilant. Tech Times provided specific tips to prevent similar malicious software from entering your devices.
Before downloading any app, make sure to read reviews “for potential red flags” even with ones that are from reputable developers. Also, make sure that your device’s operating system is updated as most OS updates contain security patches for recently discovered threats.
Heavy mobile users and Internet enthusiasts are also advised to make use to VPN especially when connected to a public network and make sure that an antivirus software has been installed.
When opening up your device to Wi-Fi’s and other unknown networks, make sure to add levels of security codes such as passwords and PIN codes that are strong by making it specific and more personal.
Do you have an opinion about the Judy malware? Share it with the comments below.
[Featured Image by Ali Kerem Yücel/Thinkstock]