Android Security is once again under scrutiny as a new malware, dubbed as ‘Judy’ is reported to have infected approximately 36.5 million smartphones. The new malware has been found in 41 apps on the Google Play Store, which uses infected devices to generate fraudulent clicks on advertisements.
The working of the malware is interesting. Firstly, you need to know that there is a Google Play’s protection tool known as Bouncer. The hackers created seemingly harmless apps, which bypassed the security, mainly because it not based on an app, but with a Control and Command server. Once the user downloads the malicious apps, the malware manages to connect to the server, which delivers the malicious payload.
The malware-infested apps were downloaded up to 18.5 million times and forced Android users to click on ads. Check Point, a cyber security software company, dubbed the malware "Judy," developed by a Korean company, Kiniwini. The company is registered on Google Play as ENISTUDIO corp.
Check Point said some apps were discovered that had been living on Google Play for several years, but all were recently updated.
Google's technology, developed to keep adware out of the store, was not able to pick up on the malware as it was downloaded after installation. When the code was added to the apps, it would open Web pages in the background through software that imitated a PC browser.
Once the targeted Web site has been launched, the malware uses the JavaScript code to locate and click on banners from the Google ads network.
Upon clicking the ads, the malware author receives payment from the Web site developer, which pays for the illegitimate clicks and traffic.