'Judy' malware infects 36.5 million Android users globally

There’s a new piece of Android malware on the loose and it’s a doozy. Originally discovered by researchers at Check Point last week, the malware has been dubbed “Judy” and is potentially one of the most widely spread pieces of Android malware we’ve seen to date. It’s currently believed that upwards of 36.5 million Android devices may have already been infected.

As outlined by security firm Check Point, 41 apps developed by Korea-based Kiniwini and published under the moniker ENISTUDIO Corp. "infected devices to generate large amounts of fraudulent clicks on advertisements, generating revenues for the perpetrators behind it."

The apps have been removed from the Google Play store after Check Point informed the tech giant about the threat.

As for how the malware operates, Check Point explains:
Once a user downloads a malicious app, it silently registers receivers which establish a connection with the C&C server. The server replies with the actual malicious payload, which includes JavaScript code, a user-agent string, and URLs controlled by the malware author. The malware opens the URLs using the user agent that imitates a PC browser in a hidden web page and receives a redirection to another website. Once the targeted website is launched, the malware uses the JavaScript code to locate and click on banners from the Google ads infrastructure.
Upon clicking the ads, the malware author receives payment from the website developer, which pays for the illegitimate clicks and traffic.

The malware has been named 'Judy' after the cutesy character ‘Judy the chef’ who appears in most of the affected apps.
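
The traffic pattern in Check Point's description (an Android device presenting a PC browser user agent, following a redirect, then hitting ad click URLs) can be turned into a proxy-log heuristic. The following is an added example, not code from Check Point or from this article; the log record layout, the example.test hostnames and the ad-click pattern are constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed proxy records, in time order:
# (device_id, inventory_os, user_agent, url, status, redirect_location)
DESKTOP = "Mozilla/5.0 (Windows NT 10.0; Win64; x64)"
SAMPLE_LOG = [
    ("phone-01", "android", "Dalvik/2.1.0 (Linux; U; Android 6.0)",
     "http://c2.example.test/cfg", 200, None),
    ("phone-01", "android", DESKTOP, "http://landing.example.test/a", 302,
     "http://site.example.test/page"),
    ("phone-01", "android", DESKTOP, "http://site.example.test/page", 200, None),
    ("phone-01", "android", DESKTOP, "http://ads.example.test/click?id=1", 200, None),
    ("phone-01", "android", DESKTOP, "http://ads.example.test/click?id=2", 200, None),
    # Normal mobile browsing: mobile UA, so no OS/UA mismatch.
    ("phone-02", "android", "Mozilla/5.0 (Linux; Android 7.0) Chrome/58.0 Mobile",
     "http://ads.example.test/click?id=9", 200, None),
    # Real desktop: a desktop UA is expected here.
    ("laptop-07", "windows", DESKTOP, "http://ads.example.test/click?id=3", 200, None),
]

DESKTOP_UA = re.compile(r"Windows NT|Macintosh|X11; Linux")
# Placeholder pattern; replace with the ad-click endpoints seen in your own logs.
AD_CLICK = re.compile(r"^https?://ads\.example\.test/click")

def flag_devices(log, min_clicks=2):
    """Return {device_id: click_count} for Android devices that, while sending
    a desktop user agent, followed a redirect and then requested at least
    min_clicks ad-click URLs."""
    pending = defaultdict(set)  # device -> redirect targets not yet fetched
    landed = set()              # devices that fetched a redirect target
    clicks = defaultdict(int)
    for dev, os_name, ua, url, status, location in log:
        if os_name != "android" or not DESKTOP_UA.search(ua):
            continue  # only a desktop UA on an Android device is a mismatch
        if url in pending[dev]:
            landed.add(dev)
        if 300 <= status < 400 and location:
            pending[dev].add(location)
        elif dev in landed and AD_CLICK.match(url):
            clicks[dev] += 1
    return {d: n for d, n in clicks.items() if n >= min_clicks}

if __name__ == "__main__":
    print(flag_devices(SAMPLE_LOG))
```

The heuristic depends on an asset inventory that maps each source to its real operating system; without one, the user agent mismatch cannot be established.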




