Analysts at Check Point have discovered a new menace that targets the Android operating system. Traces of malicious activity were detected in 41 applications that originated from Korean creators. The injected malware has been named Judy, and it is essentially ad-fraud malware. It generates clicks on deceptive advertisements, which are expected to bring revenue to its producers.
In total, nearly 37 million users could have unknowingly installed at least one application infected with the Judy malware. Disturbingly, the affected applications were all featured in the Google Play Store. Since Google is a respected company, users tend to download applications from this source without any security concerns. Most of the dubious apps were games built around dress-up, make-up, makeovers and other similar themes.
You might be surprised that there is a specific company to blame for this malware: a Korean company named Kiniwini, which appears in Google Play as ENISTUDIO corp. It is rare to know who developed malicious applications, but in this case, we do.
Since the store hosts millions of diverse applications, it can be a real challenge to make sure that all of the endorsed programs are safe to use. This is one of those times when malware managed to remain unnoticed for about a year. As soon as Google was informed about the discovery and existence of the 41 potentially dangerous apps, it hurried to remove them from the store.
Judy strikes Android devices by concealing its malicious nature. To avoid being red-flagged by Bouncer, it poses as a harmless tool, ready to make a connection to the operating system, and in that form implants itself in the Google Play Store. After a user downloads the malicious application, the program contacts its C&C server to receive the actual source of the malicious activity.