Number of Judy malware victims hits staggering total.
Google Play customers, beware: more than 30 million Android devices are believed to have been infected with Judy Malware, a seemingly benign virus as far as bad guys go. A new report found that a lone company has 41 apps up on Google Play that are filled with a click-for-pay mechanism, making them money off of phony ad clicks.
According to TheHackerNews, “All the malicious apps, developed by Korea-based Kiniwini and published under the moniker ENISTUDIO Corp, contained an adware program, dubbed Judy, that is being used to generate fraudulent clicks to generate revenue from advertisements.”
The report, issued by security firm Check Point, also found that other developers’ apps, whether knowingly or not, were running the same malware in their programs. Interestingly, several of the infected apps have been available on the platform literally for years, but all have received recent updates. It almost seems like a developer found a way to monetize through fraudulent ad clicks, and updated all of their apps to contain the infection. “Judy” was found on apps that had large numbers of downloads, typically between four and 18 million each, giving the total reach of the infection a higher body count.
Check point found that the mechanism behind Judy was not all that new. “Similar to previous malware which infiltrated Google Play, such as FalseGuide and Skinner, Judy relies on the communication with its Command and Control server (C&C) for its operation.”
Removed from store
Fortunately, the offending apps have been reported to Google and removed from the Play Store, an all-too-common occurrence within the platform’s third-party developer guidelines. Android users have long been warned against sideloading content from external platforms for this very reason.