As the world was still recovering from the WannaCry ransomware attack, a malware called ‘Judy’ hit over 36.5 million Android-based phones, making its way through Google Play Store.
According to cyber security firm Check Point, dozens of malicious apps have been downloaded between 4.5 million to 18.5 million times.
Some of the malware-infected apps may have been residing in Google Play for several years.
‘Judy’ is one such case of how an open and free mobile operating system (OS) can be exploited by malicious app developers.
The entire ecosystem of free mobile OS is built around generating advertising revenues, and the operating system grants apps with certain privileges to display these ads.
Therefore, users are advised to review all installed apps for proper security settings and tools in place. One should avoid installing free apps and those from unknown sources.
After the malware-infected apps were discovered by Check Point, Google removed them from the Play Store. The malicious apps primarily included a series of casual cooking and fashion games under the ‘Judy’ brand, a name borrowed for the malware itself.
‘Judy’ is an auto-clicking adware which was found on 41 apps developed by a Korean company that uses infected devices to generate large amounts of fraudulent clicks on advertisements, generating revenues for the perpetrators behind it.
The nefarious nature of the programmes went unnoticed in large part because its malware payload was downloaded from a non-Google server after the programmes were installed.
The code would then use the infected phone to click on Google ads, generating fraudulent revenue for the attacker. It is unclear how long the malicious code existed inside the apps, hence the actual spread of the malware remains unknown.
Previously, Android-based devices were hit by similar malwares like ‘FalseGuide’ and ‘Skinner’ that also infiltrated through Google Play.
(At The Quint, we question everything. Play an active role in shaping our journalism by becoming a member today.)