Judy Malware Hit as Many as 36.5 Million Android-Powered Devices


by James Stewart, Negosentro.com

On Thursday 28 May, the security firm Check Point uncovered dozens of Android apps infected with malicious ad-click software. At least one of the infected apps had been available through the Google Play app store for more than a year.

It is still unknown how far the malicious code has spread, but according to Check Point the infection has hit as many as 36.6 million devices. That reach makes it one of the most widespread infections discovered on Google Play so far. Google removed the apps once it was notified.

The malicious apps were primarily a series of casual cooking and fashion games under the brand name Judy, after which the malware itself has been named. The malicious nature of the apps could not be noticed until the malware payload was downloaded from an app store other than Google Play and installed on devices. When the code was investigated, it was found to click on Google ads and generate fraudulent revenue for the attacker.

Check Point says the infection may have spread even more widely, as not all of the apps under the Judy brand have been tested. These apps include Fashion Judy: Magic Girl Style and Fashion Judy Masquerade Style, among several others. Google seems to have pulled all the installments of the series from the Play store.

The attacking apps under the Judy brand were published by a Korean mobile app development company, ENISTUDIO, but iterations of similar attacks were found in some apps from other app publishers.

This is the first time that malware has managed to beat Google’s screening process and become available on Google Play. There have been several attacks that occurred even after Google’s strict process. Although Judy was intended to click on Google ads and generate fake revenue, it has caused no damage to the phones it infected. No case of “data compromised” has been reported so far.

Judy succeeded in hiding itself on Google Play for a long time. It also suggests that the Android ecosystem is still less secure than Apple’s iOS ecosystem.

So how does malware like Judy become available on the Google Play store? To do that, the attackers work carefully. They build an innocuous app that appears to do nothing harmful and gets through Google’s Bouncer security screening. Once the app is downloaded to a device, it silently registers a receiver and establishes a connection with the server, according to Check Point. The server replies to the query with the malicious payload: JavaScript code, a user-agent string and URLs, all of which can be controlled by the author of the malware.
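
A defender's view of the behaviour described above, as an added example that is not from the article or from Check Point: since the payload supplies its own user-agent string and target URLs, one detection heuristic is to flag devices whose ad-click requests carry a User-Agent different from the one the device normally sends. The tab-separated log format, the `ads.example/click` marker, the sample lines and the threshold are all assumptions made for illustration.

```python
from collections import Counter, defaultdict

CLICK_MARKER = "ads.example/click"  # assumption: how ad clicks appear in this log

# Constructed sample proxy log: device id, User-Agent, URL (tab-separated).
SAMPLE_LOG = "\n".join([
    "dev-01\tMozilla/5.0 (Linux; Android 7.0) Mobile\thttps://news.example/a",
    "dev-01\tMozilla/5.0 (Linux; Android 7.0) Mobile\thttps://ads.example/click?id=1",
    "dev-02\tMozilla/5.0 (Linux; Android 6.0) Mobile\thttps://shop.example/",
    "dev-02\tMozilla/5.0 (Linux; Android 6.0) Mobile\thttps://c2.example/config",
    "dev-02\tMozilla/5.0 (Windows NT 10.0) Desktop\thttps://ads.example/click?id=7",
    "dev-02\tMozilla/5.0 (Windows NT 10.0) Desktop\thttps://ads.example/click?id=8",
    "dev-02\tMozilla/5.0 (Windows NT 10.0) Desktop\thttps://ads.example/click?id=9",
    "malformed line without tabs",
])


def parse(log):
    """Yield (device, user_agent, url); skip lines without exactly 3 fields."""
    for line in log.splitlines():
        parts = line.split("\t")
        if len(parts) == 3:
            yield tuple(parts)


def suspicious_devices(log, min_clicks=3):
    """Return {device: n} where n ad clicks used a non-baseline User-Agent."""
    baseline = defaultdict(Counter)  # UAs seen on ordinary (non-click) requests
    clicks = defaultdict(list)       # UAs seen on ad-click requests
    for device, ua, url in parse(log):
        if CLICK_MARKER in url:
            clicks[device].append(ua)
        else:
            baseline[device][ua] += 1

    flagged = {}
    for device, uas in clicks.items():
        if not baseline[device]:
            continue  # no ordinary traffic to compare against
        usual = baseline[device].most_common(1)[0][0]
        odd = sum(1 for ua in uas if ua != usual)
        if odd >= min_clicks:
            flagged[device] = odd
    return flagged


if __name__ == "__main__":
    print(suspicious_devices(SAMPLE_LOG))
```
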