Check Point announces that Judy might be the largest malware campaign so far – up to 36.5 million Android devices have been potentially compromised. The malware, called Judy, produces false ad clicks and makes money for its creators.
According to security vendor Check Point, there were 41 infected applications in total. They were created by Kiniwini, a company based in Korea, and distributed under the moniker ENISTUDIO Corp. Devices infected with the Judy malware start to produce a high volume of false clicks on ads, which generates revenue for the cybercriminals.
Google removed the malicious applications from the Google Play store after it was notified about their presence. Before that, however, Judy was installed between 4.5 million and 18.5 million times. Some of these apps had been on Google Play for a few years and were recently updated.
“It is unclear how long the malicious code existed inside the apps, hence the actual spread of the malware remains unknown”, Check Point reported. However, those installation numbers mean that “the total spread of the malware may have reached between 8.5 and 36.5 million users”.
The malware got the name Judy from the title character in the malicious Kiniwini applications. For example, the illustration above shows Chef Judy: Picnic Lunch Maker. Other Judy variations were available as well, such as “Animal Judy” and “Fashion Judy”.
So, how does Judy work? Attackers develop a harmless app that passes through Google’s Bouncer protection and appears on the app store.
According to Check Point,
Judy has been compared to two earlier malware campaigns, FalseGuide and Skinner. In addition, like another malicious app, DressCode, Judy had good consumer reviews. Check Point also adds that “hackers can hide their apps' real intentions or even manipulate users into leaving positive ratings, in some cases unknowingly. Users cannot rely on the official app stores for their safety, and should implement advanced security protections capable of detecting and blocking zero-day mobile malware”.
The developer, Kiniwini, creates applications for both Apple iOS and Android, but there are no issues with the iOS apps. A total of 41 Judy apps are available in the App Store, and most of them were updated on March 31.