Android is under attack from a new malware named Judy that has been found hidden in at least 41 Play Store apps, according to security research firm Check Point, which first discovered it. More startling still, one of the infected apps is believed to have been on the Play Store for over a year without being detected, potentially undermining Google’s otherwise massive security mechanisms.
Equally daunting is the scope of the attack, which has affected 8.5 million to 36.5 million Android users worldwide. Google has already initiated countermeasures and is believed to have begun identifying and removing the infected apps.
As for the malware itself, Check Point claimed Judy is essentially auto-clicking adware: it went on an ad-clicking spree with the aim of increasing Google ad revenue for the attacker.
On the surface, the infected apps were largely cooking- or fashion-related gaming apps carrying the Judy brand. According to Check Point, the apps managed to dodge the standard Google security measures by remaining relatively clean while on the Play Store. Once installed on a device, however, the malicious code was downloaded from a server outside the Play Store.
The actual extent of the attack is still being assessed, given the large number of Judy apps present in the Play Store. Also, even though not all of the Judy apps have been found infected, a few other apps of different origin have been found carrying the same malicious code.
Judy’s origin, meanwhile, can be traced to a South Korea-based company named ENISTUDIO. The company develops apps for both iOS and Android.
Check Point also stated that it has no reason to believe the malware has any intention other than making false clicks on Google ads to boost ad revenue. As such, users’ privacy does not seem to have been compromised so far.
It is worth mentioning that only weeks ago the world saw a ransomware attack that primarily targeted Windows systems. Interestingly, that ransomware is believed to have been the handiwork of North Korea-based hackers, though it is not known whether it was a state-sponsored effort.