A new threat has been discovered by analysts at Check Point. It targets the Android operating system. Traces of malicious activity were detected in 41 applications originating from Korean developers. The injected malware has been named Judy, and it is essentially an ad-fraud tool: its activity consists of generating large volumes of clicks on deceptive advertisements, which are expected to bring revenue to its creators.
In total, nearly 37 million users could have unknowingly installed at least one application carrying the Judy malware. Disturbingly, the affected applications were all available in the Google Play Store. Since Google is a reputable source, users tend to download applications from it without any security concerns. Most of the dubious apps were related to dress-up, make-up, makeover and other similar themes that casual gaming applications are built around.
You might be surprised that a specific company can be blamed for this malware: a Korean company named Kiniwini, listed on Google Play as ENISTUDIO corp. It is rare to know who developed a set of malicious applications, but in this case, we do.
Since the store hosts millions of diverse applications, making sure that every listed program is safe to use can be a real challenge. This is one of those cases where malware managed to remain unnoticed for about a year. As soon as Google was informed of the discovery of the 41 potentially dangerous apps, it quickly removed them from the store.
Judy compromises Android devices by concealing its malicious nature. To avoid being flagged by Bouncer, Google's app-vetting system, the app is submitted as a seemingly harmless program, which allows it to pass review and be published in the Google Play Store. After a user downloads and runs the malicious application, the program contacts its C&C server to receive the actual malicious payload.
Once this payload is launched, it proceeds stealthily. It uses JavaScript to locate banners served from the Google ads infrastructure and generates clicks on them. Given that almost 37 million users from all over the globe may have received this malware, the revenue its operators earned could have been enormous. Additionally, the malicious applications also display streams of advertisements, and sometimes users have no choice but to click on an ad to proceed.
This is not the first time the Google Play Store has had to deal with malicious applications. Google advises users to be careful when downloading applications from its store. While the corporation puts effort into keeping its store secure, we understand the difficulty of such a task. We can only guess how many security researchers work daily to keep the store safe and running. As long as you avoid downloading random applications from unknown developers, you should be fine. Also, always read the EULA and Privacy Policy before installing an application. Furthermore, check that an app does not request suspicious permissions, such as access to your camera when its functionality has little to do with that component.
Source: blog.checkpoint.com