‘Judy’ malware infects up to 36.5M Android devices
A new form of malware dubbed “Judy” is believed to have infected up to 36.5 million Android device users, according to research published last week.
Discovered by Check Point Software Technologies Ltd., Judy was found to be bundled with 41 apps in the Google Play Store developed by a Korean company called Kiniwini that uses the name ENISTUDIO Corp. on its app listings. Judy acts as auto-clicking adware, a form of malware that uses infected devices to generate large amounts of fraudulent clicks on advertisements, generating revenue for the hackers who coded and spread the malware.
Although primarily spread by Kiniwini apps, the Check Point researchers also found the malware present in a handful of apps from other companies with apps listed in Google Play. “The connection between the two campaigns remains unclear, and it is possible that one borrowed code from the other, knowingly or unknowingly,” Check Point noted.
The malware itself starts operating from the moment an unsuspecting victim downloads an infected app, with Judy silently connecting to a command and control server. Interestingly, the initial infection doesn’t actually cause any harm, perhaps explaining why it passed Google’s inspection to begin with. The connection to the C&C server results in the download of a malicious payload that includes JavaScript code, a user-agent string and web addresses controlled by the malware author. Once up and running, the malware opens those URLs in a hidden webpage using a user agent that imitates a personal computer browser, then uses the JavaScript code to locate and click on advertising, with the malware author receiving payment for every ad clicked.
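The behaviour described above leaves a detectable trace from the defender's side: a mobile app whose web traffic carries a desktop browser user agent while hitting ad-serving endpoints. The following Python script is an added example, not code from Check Point or from the article; it runs a simple heuristic over constructed per-app request log lines (the `package|user-agent|url` format, the desktop-UA marker list, the `ads.` hostname convention and the `min_hits` threshold are all assumptions made for illustration) and reports which packages match the pattern.

```python
"""Heuristic detection of the Judy-style pattern: a mobile app sending
requests to ad endpoints with a desktop (PC) browser user agent.

Added example; the log format and thresholds below are assumptions."""
import re
from collections import Counter

# Substrings that mark a desktop browser user agent (assumption: short illustrative list).
DESKTOP_UA_MARKERS = ("Windows NT", "Macintosh", "X11; Linux")

# Heuristics for ad-serving traffic (assumption: "ads." hostnames or
# serve/click/impression style paths).
AD_HOST_RE = re.compile(r"^https?://ads\.", re.IGNORECASE)
AD_PATH_RE = re.compile(r"/(serve|click|impression)\b", re.IGNORECASE)

# Constructed sample log: package|user-agent|url, one request per line.
SAMPLE_LOG = """\
com.example.weather|Mozilla/5.0 (Linux; Android 7.0; SM-G930V) AppleWebKit/537.36 Chrome/58.0 Mobile Safari/537.36|https://api.example-weather.test/forecast
com.example.game|Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 Chrome/58.0 Safari/537.36|https://ads.example-network.test/serve?slot=1
com.example.game|Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 Chrome/58.0 Safari/537.36|https://ads.example-network.test/click?id=9
com.example.news|Mozilla/5.0 (Linux; Android 7.0) AppleWebKit/537.36 Chrome/58.0 Mobile Safari/537.36|https://ads.example-network.test/serve?slot=2
"""


def parse_log(text):
    """Parse pipe-separated request lines into dicts; malformed lines are skipped."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split("|", 2)
        if len(parts) != 3:
            continue  # skip rather than crash on a bad line
        package, ua, url = parts
        records.append({"package": package, "ua": ua, "url": url})
    return records


def is_desktop_ua(ua):
    """True when the UA claims a desktop OS and lacks the Android 'Mobile' token."""
    return any(marker in ua for marker in DESKTOP_UA_MARKERS) and "Mobile" not in ua


def looks_like_ad_traffic(url):
    """True when the URL matches the ad-serving host or path heuristics."""
    return bool(AD_HOST_RE.search(url) or AD_PATH_RE.search(url))


def count_desktop_ad_requests(records):
    """Per-package count of ad requests that carried a desktop user agent."""
    hits = Counter()
    for r in records:
        if is_desktop_ua(r["ua"]) and looks_like_ad_traffic(r["url"]):
            hits[r["package"]] += 1
    return dict(hits)


def flag_suspicious(records, min_hits=2):
    """Packages whose desktop-UA ad request count reaches min_hits (assumed threshold)."""
    hits = count_desktop_ad_requests(records)
    return sorted(pkg for pkg, n in hits.items() if n >= min_hits)


if __name__ == "__main__":
    recs = parse_log(SAMPLE_LOG)
    for pkg, n in count_desktop_ad_requests(recs).items():
        print(f"{pkg}: {n} desktop-UA ad request(s)")
    print("flagged:", flag_suspicious(recs))
```

The news app also talks to the ad host, but with its genuine Android user agent, so it is not flagged; only the package that combines an ad endpoint with a PC user agent meets the heuristic. On a real device feed the threshold and the ad-endpoint patterns would need tuning against legitimate in-app advertising.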
Google likes to claim that Android users should only download apps from Google Play to avoid viruses and malware, but this case highlights that even that carries risks. “Users cannot rely on the official app stores for their safety,” Check Point said.
The advice, as always, is to practice safe Internet use, and for Android users that means at the very least having antivirus software running at all times.
Image: Google Play