This article was last updated 8 years ago

Google, Android

As many as 36.5 million Android users may have been infected by advertising fraud malware. As per the report, the malware could have been lurking in Google Play Store for years.

The malware, dubbed as “Judy” by the researchers at Checkpoint – the firm which first discovered it, was found in 41 apps in the Store, all made by Korean publisher ENISTUDIO.

The malicious code was also found in several apps from other developers. Report said that “it is possible that one borrowed code from the other, knowingly or unknowingly”.

Between them, the infected apps may have been downloaded over 36.5 million times. Check Point said it did not know for how long the malicious versions of the apps had been available, but all the Judy games had been updated since March this year.

The malware silently registers receivers, establishing a connection with the C&C server. The server replies with the actual malicious payload, which includes JavaScript code, a user-agent string and URLs controlled by the malware author. It opens the URLs using the user agent that imitates a PC browser in a hidden webpage, and receives a redirection to another website.

It then spams out adverts to the infected handset, some of which have to be clicked on by the user to get the home screen functional again. This drives revenue to the malware operator due to all the ad clicks.

While Google has now pulled all these infected apps, the discovery and extent of the outbreak has started talks about serious doubt on the efficacy of the anti-malware checking system, Bouncer.

Checkpoint’s advisory states:

To bypass Bouncer, Google Play’s protection, the hackers create a seemingly benign bridgehead app, meant to establish connection to the victim’s device, and insert it into the app store.

Google said that it has dealt with the issue, and has taken action on the policy-violating apps. It indicated that the search giant has taken down most of the apps, which had the Judy malware bug. The bug force-clicks ads on an infected phone, creating nuisance for users while generating gamed revenue for advertisers.

In India, more than 90% of smartphones run on the Android OS, leaving them vulnerable to the malware. However, no infections have been reported in India so far.

1 comment
Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.