Now that the WannaCry ransomware threat for Windows PCs has subsided, there’s a new threat in town, and this time the target is millions of Android phones used across the globe. Judy malware has been detected on the Google Play Store by security experts, with over 18 million app downloads estimated to carry the malware.
They believe that the Judy malware, camouflaged as apps, has been residing in the Google Play Store for many years now. But as things stand, Google has taken off the infected apps from the Play Store.
Judy < WannaCry
When it comes to the level of threat posed by Judy, the malware is less of a threat compared to the WannaCry ransomware, which locked the data on millions of Windows PC earlier this month. Here’s what Judy malware does to your Android phone, as highlighted by Check Point, the guys who found Judy in the first place.
The malware, dubbed “Judy”, is an auto-clicking adware which was found on 41 apps developed by a Korean company. The malware uses infected devices to generate large amounts of fraudulent clicks on advertisements, generating revenues for the perpetrators behind itCheck Point blog
According to them, the malicious apps with Judy have been downloaded by 18.5 million users.
What The Threat is Like
As pointed out by Check Point, Judy doesn’t seem to be stealing information from devices (that would have been a travesty). Instead, it helps the perpetrators earn money by intruding Google Ads platform, and clicking ads on your behalf.
The malware opens the URLs using the user agent that imitates a PC browser in a hidden webpage and receives a redirection to another website. Once the targeted website is launched, the malware uses the JavaScript code to locate and click on banners from the Google ads infrastructure. Upon clicking the ads, the malware author receives payment from the website developer, that pays for the illegitimate clicks and traffic.Check Point
Not sure how many of you would be bothered by the how, and would probably be keen to know who’s behind it, and how you can prevent. Luckily we have answers to both of them.
The malicious apps are all developed by a Korean company named Kiniwini, registered on Google Play as ENISTUDIO corp.Check Point
The security firm has suggested users that instead of tracking all the apps they download, they would be better served by fool-proofing the phones which can prevent them from getting hit by mobile malware.
Google claims to have updated Bouncer protection for apps feature on Android. Android always faces big threats from malware, adware and viruses.
Google is doing its best to reduce such instances, but as a user, we need to stay vigil, be sensible with the kind of apps we download, and keep our devices secure in every possible manner.
(At The Quint, we are answerable only to our audience. Play an active role in shaping our journalism by becoming a member. Because the truth is worth it.)