Judy Android Malware: Checkpoint security researchers claim they have perhaps discovered the biggest Google Play Store malware campaign that has already infected about 36,5 million Android devices with ad-click software.
Checkpoint Company posted on blog of more than 41 Android apps from a Korean company on the Google Play Store that allegedly make money for their creators by generating fake ad clicks from the infected devices.
All of the malicious apps, developed by Korea-based company Kiniwini, were marketed under the brand name ENISTUDIO Body, and contained an adware program, which the researchers named Judy. Judy, as mentioned above was used to generate fake clicks intended to generate ad revenue.
In addition, the researchers also discovered some more applications, published by other developers in the Google Play Store, and inexplicably contain the same malicious software.
Η connection between the two campaigns remains unclear, although researchers believe it is possible that one developer borrowed the code from the other, "knowingly or unknowingly".
"It is very unusual to find an organization behind a malware campaign, as most of them are developed purely by malicious (standalone) users," say CheckPoint researchers.
Apps available on the Play Store do not contain malicious code to bypass Google Bouncer protection.
Once downloaded and installed though, the app implicitly registers the user's device to a remote server control and as a response it receives the actual malicious payload (Judy Android Malware) which contains a JavaScript that starts the actual malicious process.
Malicious apps appear to be genuinely legitimate games, but in the background they act as a bridge to connect the victim's device to the adware server.
Once the connection is established, malicious applications corrupt the user agents of the browser to "play" the browser to open pages and generate clicks.
The following is a list of malicious applications developed by Kiniwini (click on "Malicious Applications" to open the list). If you have any of these installed on your device, remove it immediately:
Google has already removed the above apps containing Judy Android Malware from the Play Store, but since Google Bouncer did not recognize them as a malicious thing at the outset, it would be to watch what you downloaded.