Wednesday, May 31, 2017

JUDY: Android Nightmare


It seems that more malware threats are on the way. After WannaCry, a piece of malware called Judy is infecting Android phones. “Judy” is auto-clicking adware found in 41 apps developed by a Korean company named Kiniwini, which is registered on Google Play, Google’s official app store, as ENISTUDIO corp. The company develops mobile apps for both Android and iOS platforms. The malware uses infected devices to generate large numbers of fraudulent clicks on advertisements, generating revenue for the perpetrators behind it.
According to Check Point, the malware has a reach of anywhere between 8.5 million and 36.5 million users worldwide. Some of the apps discovered had been on Google Play for several years, but all were recently updated. It is unclear how long the malicious code existed inside the apps, hence the actual spread of the malware remains unknown. Check Point explains that the malware that came with these programmes went largely unnoticed because, while the programmes were installed through Google, the official source, the malware code was downloaded from a non-Google server. This code would then enable automatic clicks on Google ads through the phones.
The apps got past the Play Store's protection system, Google Bouncer, because they do not themselves contain the malicious part of the Judy code.
How does Judy work? Once downloaded, the apps silently register the device with a remote server, which responds by sending back the malicious ad-click software. That software opens a hidden website and generates revenue for the site by clicking on its adverts. Judy relies on communication with its Command and Control (C&C) server for its operation. After Check Point notified Google about this threat, the apps were swiftly removed from the Play Store.
It is important to note that the activity conducted by the malware is not borderline advertising, but definitely an illegitimate use of users’ mobile devices to generate fraudulent clicks that benefit the attackers. It is quite unusual to find an actual organization behind mobile malware, which makes this case a little confusing. Check Point also found several apps containing the malware that were developed by other developers on Google Play. The connection between the two campaigns remains unclear, and it is possible that one borrowed code from the other, knowingly or unknowingly. The oldest app of the second campaign was last updated in April 2016, meaning that the malicious code hid on the Play Store undetected for a long time.
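The behaviour described above (contact with a non-Google server, followed by automatic ad clicks) leaves a pattern that can be looked for in network logs. The sketch below is an added example, not code from Check Point or from the apps: the log format, the `.example` hostnames, the allowlist and the thresholds are all assumptions made for illustration.

```python
from collections import defaultdict

# Assumed allowlist: hosts an app is expected to reach (store and ad SDK).
EXPECTED_HOSTS = {"store.example", "ads.example"}
AD_HOST, CLICK_PREFIX = "ads.example", "/click"

# Constructed sample proxy log: "<epoch_seconds> <app_package> <host> <path>"
SAMPLE_LOG = """\
1000 com.example.chef store.example /update
1005 com.example.chef c2.unknown.example /register
1010 com.example.chef ads.example /click?id=1
1012 com.example.chef ads.example /click?id=2
1014 com.example.chef ads.example /click?id=3
1016 com.example.chef ads.example /click?id=4
1018 com.example.chef ads.example /click?id=5
1100 com.example.notes store.example /update
1130 com.example.notes ads.example /click?id=6
1200 com.example.weather api.weather.example /forecast
1260 com.example.weather ads.example /click?id=7
"""

def flag_autoclickers(log_text, window=60, min_clicks=5):
    """Return {app: (first_unexpected_host, peak_clicks_in_window)} for apps
    that contact an unexpected host and then click ads at a burst rate."""
    events = defaultdict(list)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4 or not parts[0].isdigit():
            continue  # skip malformed lines rather than guess at fields
        ts, app, host, path = parts
        events[app].append((int(ts), host.lower(), path))

    flagged = {}
    for app, rows in events.items():
        rows.sort()  # chronological order per app
        unexpected = next((h for _, h, _ in rows if h not in EXPECTED_HOSTS), None)
        if unexpected is None:
            continue  # app only talks to expected hosts
        start = next(t for t, h, _ in rows if h == unexpected)
        clicks = [t for t, h, p in rows
                  if t >= start and h == AD_HOST and p.startswith(CLICK_PREFIX)]
        peak, lo = 0, 0
        for hi, t in enumerate(clicks):  # sliding window over sorted click times
            while t - clicks[lo] > window:
                lo += 1
            peak = max(peak, hi - lo + 1)
        if peak >= min_clicks:
            flagged[app] = (unexpected, peak)
    return flagged
```

Neither signal is enough on its own: the weather app in the sample contacts a host outside the allowlist but clicks only once, so it is not flagged.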

The malware is very sophisticated, as is evident from a design that can even defeat Google's Bouncer protection. At this moment Judy is probably not stealing anything from users. But the secret gateway created between an infected phone and the malware server could be used at any time to steal private details such as credit card information and passwords from the phone.
One has to be very careful about downloading apps, especially unknown ones. Firstly, users should check the reviews of the app they’re downloading. Most of the time, other users will say if the app is malicious or has any other problems. Also, users should always keep up with the latest system updates. An outdated operating system is a vulnerable one. For more safety, ensure that Android devices have a secure, robust solution: an antivirus that safeguards your device from any potential malware attack. Most importantly, make sure that you have a strong password consisting of numbers, letters and strange symbols.
In this digital age, when users keep most of their important data, like photos, card details, and passwords, saved on their phones, code like Judy represents a serious threat and may be a sign of bigger attacks to come. Such attacks should not be taken casually (remember WannaCry), and Android platforms should be used more carefully. Stay protected from malware threats and invasions, and happy browsing.
