Judy Malware Affects 36.5 Million Android Devices: How to Stay Safe?

Prayank

Android has given the power of mobile computing to millions and Google keeps updating its mobile OS with new features, enabling a better user experience, but its security seems to be lagging as new vulnerabilities are discovered.

Last month, we reported that a large number of gaming guide apps were said to have infected north of 2 million Android devices with a similar ad-displaying malware, or adware.

According to CheckPoint’s report, the current ‘Judy’ malware is malicious auto-clicking adware found in 41 apps developed by a Korean company named Kiniwini and registered on Google Play as ENISTUDIO Corp.

The apps in question have total downloads between 4.62 million and 18.42 million, which puts the total number of devices infected anywhere between 8.5 million and 36.5 million.

“The malware, dubbed ‘Judy’, is an auto-clicking adware which was found on 41 apps developed by a Korean company. The malware uses infected devices to generate large amounts of fraudulent clicks on advertisements, generating revenues for the perpetrators behind it,” CheckPoint Security stated.

The researchers found that most of these apps have been on the Play Store for a long time, but all of them were recently updated. It is unclear when the malicious code was inserted into these apps, and therefore how many devices have actually been affected to date.

How Did Judy Malware Attack Android Devices?

Google keeps reiterating that its Play Store is the best and safest repository of Android apps, and recommends that users download apps from there since it has security measures in place.

But, as we can see, these security measures are being exploited time and again.

In order to circumvent Google Play’s Protection, the hackers behind the Judy malware attack created a bridgehead app which is meant to connect to the victim’s device.

Once this malicious app is downloaded, it registers receivers to establish a connection with the C&C server (Command and Control) — similar to Falseguide’s attack last month.

“The server replies with the actual malicious payload, which includes JavaScript code, a user-agent string and URLs controlled by the malware author,” the report reads.

Once the target website is launched, the malware uses the loaded JavaScript code to locate and click on Google ad banners, and its author is paid for the illegitimate clicks and traffic.
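For defenders who see mobile traffic through a proxy, the flow described above (a server-supplied user-agent string and URLs, followed by scripted clicks on ad banners) can be hunted for in the logs. The sketch below is an added example, not code from CheckPoint's report or from this article; the log format, the hostnames, the thresholds and the assumption that the supplied user-agent does not identify itself as Android are all constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

AD_CLICK_HOSTS = {"adclick.example"}   # placeholder ad-click endpoint (assumption)
CLICK_WINDOW = timedelta(seconds=5)    # a click this soon after a page load looks scripted
MIN_CLICKS = 3                         # scripted clicks needed before a device is flagged

# Constructed sample proxy log: time|device|host|path|user-agent
SAMPLE_LOG = """\
2017-05-29T10:00:00|phone-1|news.example|/|Mozilla/5.0 (Linux; Android 6.0) Chrome/58
2017-05-29T10:03:10|phone-1|adclick.example|/c?id=9|Mozilla/5.0 (Linux; Android 6.0) Chrome/58
2017-05-29T10:05:00|phone-2|cnc.example|/config|Dalvik/2.1.0 (Linux; U; Android 6.0)
2017-05-29T10:05:02|phone-2|landing.example|/p1|Mozilla/5.0 (Windows NT 10.0) Chrome/58
2017-05-29T10:05:03|phone-2|adclick.example|/c?id=1|Mozilla/5.0 (Windows NT 10.0) Chrome/58
2017-05-29T10:05:20|phone-2|landing.example|/p2|Mozilla/5.0 (Windows NT 10.0) Chrome/58
2017-05-29T10:05:21|phone-2|adclick.example|/c?id=2|Mozilla/5.0 (Windows NT 10.0) Chrome/58
2017-05-29T10:05:40|phone-2|landing.example|/p3|Mozilla/5.0 (Windows NT 10.0) Chrome/58
2017-05-29T10:05:42|phone-2|adclick.example|/c?id=3|Mozilla/5.0 (Windows NT 10.0) Chrome/58
"""

def parse(log):
    for line in log.strip().splitlines():
        ts, dev, host, path, ua = line.split("|", 4)
        yield datetime.fromisoformat(ts), dev, host, path, ua

def scripted_clicks(log):
    """Count, per device, ad clicks sent with a non-Android User-Agent
    within CLICK_WINDOW of a page load that used the same User-Agent."""
    last_load = {}                     # (device, ua) -> time of last page load
    counts = defaultdict(int)
    for ts, dev, host, _path, ua in sorted(parse(log)):
        if host in AD_CLICK_HOSTS:
            loaded = last_load.get((dev, ua))
            if "Android" not in ua and loaded and ts - loaded <= CLICK_WINDOW:
                counts[dev] += 1
        else:
            last_load[(dev, ua)] = ts
    return dict(counts)

def flag_devices(log):
    # Devices with at least MIN_CLICKS scripted-looking clicks.
    return sorted(d for d, n in scripted_clicks(log).items() if n >= MIN_CLICKS)

if __name__ == "__main__":
    print(flag_devices(SAMPLE_LOG))
```

A phone that taps one ad with its own Android user-agent (phone-1 in the sample) is not counted; only the repeated load-then-click pairs under a foreign user-agent are.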

How is Adware Affecting Me Personally?

Although adware might not seem to be affecting your device, or the data held within it directly, the ad-displaying malware is still dangerous.

The Judy malware gains control of the device in order to be able to generate fraudulent clicks through it — which means that an attacker can perform other harmful activities too since they have control over the user’s device.

“A high reputation does not necessarily indicate that the app is safe for use. Hackers can hide their apps’ real intentions or even manipulate users into leaving positive ratings, in some cases unknowingly,” the report stated.

How to Stay Safe?

App stores have security measures in place to detect apps with malicious intent and block them from being uploaded, but users shouldn’t rely solely on those measures. Install an antivirus app on your smartphone, just as you would on your PC.

Smartphones are fast becoming powerful computing devices, and as the market around them grows, so do the threats.

According to CheckPoint, “Users cannot rely on the official app stores for their safety, and should implement advanced security protections capable of detecting and blocking zero-day mobile malware.”

You should also always check the permissions an app requests before installing it on your device, as more often than not, even popular apps like Facebook are intruding on your privacy.

List of the Judy Malware Infected Apps

The following apps were removed from the Play Store soon after CheckPoint researchers found out about the malware, but in case you still have any of them lurking on your device, it is best to uninstall them quickly.

  • Fashion Judy: Snow Queen Style
  • Animal Judy: Persian cat care
  • Fashion Judy: Pretty rapper
  • Fashion Judy: Teacher Style
  • Animal Judy: Dragon care
  • Chef Judy: Halloween Cookies
  • Fashion Judy: Wedding Party
  • Animal Judy: Teddy Bear Care
  • Fashion Judy: Bunny Girl Style
  • Fashion Judy: Frozen Princess
  • Chef Judy: Triangular Kimbap
  • Chef Judy: Udong Maker – Cook
  • Fashion Judy: Uniform style
  • Animal Judy: Rabbit care
  • Fashion Judy: Vampire Style
  • Animal Judy: Nine-Tailed Fox
  • Chef Judy: Jelly Maker – Cook
  • Chef Judy: Chicken Maker
  • Animal Judy: Sea otter care
  • Animal Judy: Elephant care
  • Judy’s Happy House
  • Chef Judy: Hotdog Maker – Cook
  • Chef Judy: Birthday Food Maker
  • Fashion Judy: Wedding Day
  • Fashion Judy: Waitress style
  • Chef Judy: Character Lunch
  • Chef Judy: Picnic Lunch Maker
  • Animal Judy: Rudolph care
  • Judy’s Hospital: Pediatrics
  • Fashion Judy: Country style
  • Animal Judy: Feral cat care
  • Fashion Judy: Twice Style
  • Fashion Judy: Myth Style
  • Animal Judy: Fennec Fox Care
  • Animal Judy: Dog Care
  • Fashion Judy: Couple Style
  • Animal Judy: Cat care
  • Fashion Judy: Halloween style
  • Fashion Judy: EXO Style
  • Chef Judy: Dalgona Maker
  • Chef Judy: ServiceStation Food
  • Judy’s Spa Salon
