After WannaCry, Judy infects millions of Androids

Share

A new malware called "Judy" has made its way to the Google Play Store and has infected between 8.5-36.5 million users, says research firm Checkpoint. After the WannaCry attack on more than 200,000 computers, a new malware has emerged in the world of Android smartphones.

Among such apps, one had been available directly through Google's Play Store for over a year until recently.

The best thing to do is uninstall any app or game from this Korean company, with majority being a game about Judy.

What is Judy Malware and how does it work? The code would then use the infected phone to click on Google ads, generating fraudulent revenue for the attacker.

The working of the malware is interesting.

More news: Trump says he'll decide on Paris climate agreement next week

All installments of the series do appear to have been pulled from Google Play.

This seems to be a bad month for cyber security. Originally discovered by researchers at Check Point last week, the malware has been dubbed "Judy" and is potentially one of the most widely spread pieces of Android malware we've seen to date. It was followed by another redirection that loaded Google Ads and generated illegitimate clicks. Further, the JavaScript locates the targeted ads by searching of iframes which contain ads from Google ads infrastructure. The company has been registered on Google Play Store as ENISTUDIO corp.

Google has smashed a huge advertising fraud racket by ejecting 41 apps which helped perpetrate the fraud from its Google Play app store, according to a Fortune report. This was how Judy was able to bypass Bounce, Google Play's protection system. Most of the infected apps have received positive reviews on Google Play store, but some tech savvy users did find the constant ads popping up on the screen to be suspiciously odd and complained about the issue on the review comment section. Most of the times the users will say if the app is malicious or has any other problems. Once the application got downloaded, the adware silently establishes a connection with its Command and Control server (C&C) to receive the malicious payload code.

How to protect yourself from this malware? The company advises that phone users should exercise caution and allow apps to be downloaded and installed only from trusted sources like Amazon. Secondly, keep your system updated with the latest software and security patch. Try some VPN services, when connected to a public network and install an antivirus program, this could be very helpful. For Android users, this means that millions of people could be impacted by the Judy malware, and a lot of them would never be able to tell.

Share