A recent report from security research firm Check Point has revealed that ‘Judy’ malware has infected up to 36.5 million Android devices worldwide. Judy is an auto-clicking adware found in 41 apps on the Google Play Store. All these apps were developed by a Korean company named Kiniwini, registered as ENISTUDIO corp. on Google Play store. This firm develops apps for Android as well as iOS platform.
Judy Malware infection Stats
According to Check Point “These apps had a large amount of downloads between 4 and 18 million, meaning the total spread of the malware may have reached between 8.5 and 36.5 million users.”
The security firm further added that “Some of the apps we discovered resided on Google Play for several years, but all were recently updated. It is unclear how long the malicious code existed inside the apps, hence the actual spread of the malware remains unknown.”
How Judy malware attacks
The report suggests that Judy malware was able to bypass Google Play’s protection tool, Bouncer, by creating seemingly bridgehead app which bypassed the security with a Control and Command server.
Once a user downloads a malicious app, it manages to set up a connection with the Control and Command server, which delivers the actual malicious payload. This includes the ‘JavaScript code, a user-agent string and URLs controlled by the malware author.’
The malware opens the URLs using the user agent that imitates a PC browser in a hidden webpage which redirects to another website. Once the targeted website is launched, the malware uses JavaScript code to locate and click on banners from the Google ads infrastructure. Upon clicking the ads, the malware author receives payment from the website developer, which pays for the illegitimate clicks and traffic.
Malicious App with Judy Malware
- Fashion Judy: Snow Queen style
- Animal Judy: Persian cat care
- Fashion Judy: Pretty rapper
- Fashion Judy: Teacher style
- Animal Judy: Dragon care
- Chef Judy: Halloween Cookies
- Fashion Judy: Wedding Party
- Animal Judy: Teddy Bear care
- Fashion Judy: Bunny Girl Style
- Fashion Judy: Frozen Princess
- Chef Judy: Triangular Kimbap
- Chef Judy: Udong Maker – Cook
- Fashion Judy: Uniform style
- Animal Judy: Rabbit care
- Fashion Judy: Vampire style
- Animal Judy: Nine-Tailed Fox
- Chef Judy: Jelly Maker – Cook
- Chef Judy: Chicken Maker
- Animal Judy: Sea otter care
- Animal Judy: Elephant care
- Judy’s Happy House
- Chef Judy: Hotdog Maker – Cook
- Chef Judy: Birthday Food Maker
- Fashion Judy: Wedding day
- Fashion Judy: Waitress style
- Chef Judy: Character Lunch
- Chef Judy: Picnic Lunch Maker
- Animal Judy: Rudolph care
- Judy’s Hospital: Pediatrics
- Fashion Judy: Country style
- Animal Judy: Feral Cat care
- Fashion Judy: Twice Style
- Fashion Judy: Myth Style
- Animal Judy: Fennec Fox care
- Animal Judy: Dog care
- Fashion Judy: Couple Style
- Animal Judy: Cat care
- Fashion Judy: Halloween style
- Fashion Judy: EXO Style
- Chef Judy: Dalgona Maker
- Chef Judy: ServiceStation Food
- Judy’s Spa Salon
