Research firm Check Point says a new malware called “Judy” has made its way onto the Google Play Store. It has infected around 8.5 to 36.5 million Android users. Google was alerted upon discovery and then started removing the infected apps.
How did Judy malware enter Android devices?
The infected apps were present in the Play Store in the guise of fashion and casual cooking games under the Judy brand. Their malicious activity stayed under the radar because the malicious code was downloaded from a non-Google server after the games were installed on the phone. Judy is auto-clicking adware that was found in 41 apps developed by a Korean company.
How did Judy work?
The infected phone would incessantly click on Google Ads, generating revenue for the attacker. Judy relies on communication with its Command and Control (C&C) server for its operation.
How did it become so widespread?
Check Point also discovered that other developers who borrowed code from this Judy line of games, knowingly or unknowingly, also ended up with the malware.
Check Point notes, “The oldest app of the second campaign was last updated in April 2016. This means that the malicious code hid for a long time on the Play store undetected. These apps also had a large amount of downloads between 4 and 18 million, meaning the total spread of the malware may have reached between 8.5 and 36.5 million users.”