This is Judy, and she's hiding malware in your Android phone

Nettie James
May 30, 2017

After WannaCry's sizable impact on many Windows machines around the world, details have been revealed of a malware campaign targeting Android devices through the Google Play Store. It uses infected devices to generate false clicks on advertisements, generating revenue for the perpetrators behind it.

These apps also had a large number of downloads (between 4 and 18 million), meaning the total spread of the malware across both campaigns may have reached between 8.5 and 36.5 million users.

Experts fear some 41 malicious apps which were downloaded up to 18.5m times from the Google Play store have spread the malware.

After the application is downloaded, it establishes a connection with the command-and-control server, which delivers the actual malicious payload. Many apps carried this malicious code, and one of them was available on the Play Store for more than a year. Also, while not all of the Judy apps have been found to be infected, a few other apps of different origin have been found carrying the same malicious code. The worrying news came complete with evidence, found by the company, that 41 apps developed by the same Korean company came bundled with the malware.

The malicious apps seek out banner ads from Google's ad services and cause each infected device to click on ads.

Judy then opens the URLs to launch the targeted websites, using a user-agent string that mimics the web browser of the infected system. But just to be sure, you can check the list of apps published by the security research firm.

This isn't the first time that Google's security measures have failed its users, though, with the likes of CallJam, DressCode and Skinner all lurking on the app platform within the past year. This means that it was undetected by Google for nearly a year. Rewards can be of any kind, including credits towards Google Play Store purchases. The malware author in turn gets paid by the website for the illegitimate clicks and traffic. It seems that it was able to bypass the Play Store's protection and establish a connection to the user's device once downloaded. Play Protect will be built into every device with Google Play and will automatically take action to keep users' data and devices safe.
