Judy hits Android

May 30, 2017 | Expert Insights

As the world is yet to recover from the WannaCry ransomware attack, a new malware, ‘Judy’, has hit over 36.5 million Android-based phones, making its way in through the Google Play Store. Cyber-security firm Check Point reported that this is possibly the largest malware campaign found on Google Play. Google removed the malicious apps after being informed by Check Point.

What is Judy malware?

According to Check Point, Judy is auto-clicking adware that produces fake clicks on advertisements and generates substantial revenue for the attackers. The malicious apps include a series of casual cooking and fashion games under the “Judy” brand, a name borrowed for the malware itself. The malicious nature of the programs went largely unnoticed because the apps themselves were installed through Google Play, the official source, while the malware payload was downloaded from a non-Google server after the apps were installed. The downloaded code would then use the infected phone to click on Google ads. The malicious apps achieved an astonishing spread of between million and 18 million downloads.

Why did it go unnoticed?

Attackers created a seemingly harmless app that could pass Google’s Bouncer protection screening and enter the Play Store. Some of the apps that carried this malware had been present in the Play Store for years. The oldest app was last updated in April last year, which indicates that the malware hid on the Play Store for a long time.

Who is the developer?

Check Point believes that Kiniwini, registered on Google Play as ENISTUDIO, is behind the attack. The company is based in South Korea and develops apps for the Android and iOS platforms. The malware has been found in all 41 apps developed by the company.

Analysis

This is not the first time that malware has hoodwinked Google Play’s screening process. Previously, Android-based devices were hit by similar malware, ‘FalseGuide’ and ‘Skinner’, which also infiltrated through Google Play. Like the other two, Judy’s operation was made possible through communication with its command and control server.

FalseGuide, reported by Check Point in April this year, on the surface consisted of guide apps for games. Malware was hidden in more than 40 guide apps, the oldest of which was updated in February 2017, which indicates they hid on the Play Store for five months. The likely reason for choosing this disguise is that guide apps enjoy immense popularity and can keep their code undisturbed for long, since they need little development and feature implementation.

The malware dubbed ‘Skinner’, reported by Check Point in March this year, was embedded inside an app that provided game-related features. The malware studied the user’s habits and used the data it gleaned to display suitable ads, raising the probability that they would be clicked. Researchers spotted Skinner in only one Google Play Store app, which had a maximum of 10,000 users.

Assessment

Judy demonstrates once again that users cannot rely on downloading apps from a legitimate source alone and need more advanced protection to guard their devices. Mobile phones need to be kept up to date with the latest software and security patches in order to protect them from the risk of exposure to such malware. With the covert link the malware creates between mobile devices and its server, it is easily possible to extract private details of consumers, such as credit card numbers, bank details and passwords, from the phone. Google should scan all apps from time to time and add advanced features that would detect and remove apps found to be harmful.