On Thursday, the security firm Check Point announced that millions of Android users are infected with ad-click malware now popularly called ‘Judy.’
Notably, the app responsible was present in the Google Play Store for more than a year. The developer of these apps happens to be ‘Judy.’ The developer had over 40 app listings, and the reach of this malware is estimated at around 36 million. After receiving the report from Check Point, Google immediately removed all of these apps from the Play Store.
According to a blog post from Check Point, a group called Kiniwini is responsible for this malware. Kiniwini is listed in the Play Store as ENISTUDIO corp., a Korean company known for developing apps for Android and iOS.
What is Judy?
Judy is primarily automatic ad-clicking software. The malware renders false advertising for users to click, thus generating revenue. All the apps carrying the ad malware had “Judy” as a brand name assigned to them.
How does it work?
The app operates in an interesting way. Google Play has a protection tool that Google calls Bouncer. So how did the app bypass it? First, the app submitted to the store was simple. Kiniwini made simple apps, and once the user has downloaded the app from the Play Store, the malware connects to a command-and-control server, and the payload is then delivered.
How do you protect yourself?
If you have an app with a name related to Judy, just uninstall it. Before downloading an app that isn’t from a top developer, it is highly advised to read the user reviews carefully and check for reports of suspicious behavior. Always keep your phone up to date with Google’s latest security updates. Never use public Wi-Fi without a VPN.
Although the Judy malware does not compromise user data, it still generates revenue without the knowledge of users. Google has been issuing new security standards for apps in the Play Store, and hopefully these kinds of malware will not affect users again.