Judy malware spreads to 36.5 million Android devices
Judy is the biggest malware outbreak caused by app downloads
A new strain of malware dubbed 'Judy' has infected up to 36.5 million Android users, security researchers have found.
The malware campaign was found spreading through apps available on Google Play, Google's official app store, according to a blog post by Check Point.
Judy, the auto-clicking adware which was found on 41 apps, used infected devices to generate large amounts of fraudulent clicks on advertisements, generating revenues for the perpetrators behind it. Among the apps included are; Fashion Judy: Snow Queen Style; Fashion Judy: Vampire style; Chef Judy: Character Lunch; and Fashion Judy: Frozen Princess.
South Korean firm Kiniwini developed more than 40 of the apps, and put them on Google's Play Store under the name Enistudio.
"Some of the apps we discovered resided on Google Play for several years, but all were recently updated. It is unclear how long the malicious code existed inside the apps, hence the actual spread of the malware remains unknown," said the researchers.
The apps have since been removed by Google but questions have been raised over the detection methods the tech giant employs to prevent malware from entering its app store.
"To bypass 'Bouncer', Google Play's [anti-malware] protection, the hackers created a seemingly benign bridgehead app, meant to establish a connection to the victim's device, and insert it into the app store," said Check Point's advisory.
Clicking on ads results in the malware author getting paid by the website developer.
"It is important to note that the activity conducted by the malware is not borderline advertising, but definitely an illegitimate use of the users' mobile devices for generating fraudulent clicks, benefiting the attackers," Check Point's researchers said.
What you need to know about migrating to SAP S/4HANA
Factors to assess how and when to begin migrationDownload now
Your enterprise cloud solutions guide
Infrastructure designed to meet your company's IT needs for next-generation cloud applicationsDownload now
Testing for compliance just became easier
How you can use technology to ensure compliance in your organisationDownload now
Best practices for implementing security awareness training
How to develop a security awareness programme that will actually change behaviourDownload now