‘Judy’ malware infects up to 36.5 million Android devices

As many as 36.5 million Android users may have been infected by ‘Judy’, a new strain of ad-click malware.

According to the researchers at Check Point, by May this year, the malware was present on 50 apps on Google Play, many of which were highly rated by users. The apps contain code that sends infected devices to a target website, where they generate fraudulent clicks on the site’s adverts to make money for its creators.

South Korean company Kiniwini, which publishes games to Google Play under the name ENISTUDIO, was responsible for 41 of the apps. Another 9 apps, developed by other companies, also contain the malware.

Google has now removed the apps from its Play store.

Flaw in Google Play

Although Google has now removed the malicious apps, the extent of the infection and the fact that it managed to go undetected for so long raise concerns about the company’s anti-malware checking system, Bouncer. Check Point reports that Kiniwini exposed a flaw in Bouncer by “creating a seemingly benign bridgehead app, meant to establish connection to the victim’s device”.

Once the app is downloaded, it silently registers the device to a remote server, which responds by sending back the malicious ad-click software to open a hidden website. “The malware then spams out adverts to the infected handset, some of which have to be clicked on by the user to get the home screen functional again,” The Register reports. When the user clicks on the ads, the malware author receives payment from the website developer for the clicks and traffic.

The Judy malware comes just over a month after similar ad-click malware was found in 49 apps available on Google Play. Meanwhile, Google has recently increased the rewards for its Android Security Rewards program, now offering as much as $200,000 for its top prize: a remote exploit chain or exploit leading to a TrustZone or Verified Boot compromise.

Secure your systems

To discover flaws in your systems before malicious actors do, it’s important that you conduct regular penetration tests. You may not be operating on the scale of Google, but you’re still likely to be hit by random, indiscriminate attacks sooner or later, so you need to be prepared.

IT Governance’s Web Application Penetration Test is designed to identify potential vulnerabilities in your websites and web applications. It also provides recommendations for improving your security posture, facilitating your compliance with the PCI DSS and ISO 27001. The test combines a number of advanced manual tests with automated vulnerability scans to ensure every area of your web applications is tested.
