Not even a month has passed, and government departments, educational institutes, and many organizations are still recovering from ‘WannaCry’, which hit them hard and was ascertained in more than 100 countries. To add to the woes, following close on its heels is a new malware threat referred to as ‘Judy’. This malware is reckoned to have affected as many as 36.5 million Android devices, according to the security firm Check Point.
What is this Judy Malware?
It is basically “auto clicking” adware that was found in as many as 41 apps. These apps were created by a Korean company. The main aim of this adware is to make infected devices generate clicks on advertisement banners, so that these fraudulent clicks produce revenue for the perpetrators.
According to the experts, the apps in which the malware resided had in fact been on the Google Play Store for several years. So how did its presence in the Play Store go undetected all these years? According to Check Point, a firm that offers security solutions, the malware code hid in the Play Store, and one of the main reasons it was not detected was that the “malware payload” was not downloaded from a Google server once the installation of the program took place. As such, these activities generated revenue for those who created the malware.
What did Google do to nullify the impact?
Check Point brought to notice that the malware was generating fraudulent clicks from infected devices. Soon after, the infected apps were taken down from the Play Store. However, despite the removal of these apps, the extent of the damage remains uncertain, because it is not clear how long the malware code remained hidden in the apps. Similar instances have been reported earlier, when Android devices were infected by “Skinner” and “FalseGuide”.
How does Judy work?
Experts at Check Point are of the opinion that as many as 50 apps have been infected by this malware. The apps containing this code redirect infected devices to a webpage that generates the false clicks, thereby generating revenue. Of the 50, 40 apps were developed by Kiniwini, a South Korean company that publishes various virtual games under the name Enistudio. It is in these games that a character called Judy is present, one that has been downloaded several million times.
Aside from Kiniwini, there were many instances of hidden code that were developed by other creators of apps. It is reckoned that this malicious code might have spread through sharing, either intentionally or unknowingly.
Lacunae in the Play Store protection system
Experts are of the opinion that this malicious code succeeded in tricking the security system of the Play Store, which is named Google Bouncer. As soon as the code is downloaded, the app connects the infected device to a remotely located server. In turn, the remote server sends back the malware code, which causes a website to open and sends fraudulent clicks in the process.
The main problem with this type of malware program is that it can be remotely controlled and accessed. As such, the anti-malware software installed on your device may not detect it and may not rise to the occasion in the time of need.