Judy Android Malware: Οι ερευνητές security της Checkpoint ισχυρίζονται ότι ανακάλυψαν ενδεχομένως τη μεγαλύτερη καμπάνια malware στο Google Play Store, which has already infected around 36,5 million Android devices with ad-click software.
Checkpoint posted on her blog more than 41 apps for Android from a Korean company on the Google Play Store that allegedly earned money for their creators creating fake ad clicks from infected devices.
All the malware, developed by the Korea-based company Kiniwini, was marketed under the name ENISTUDIO Corp., and contained an adware program that the researchers named Judy. Judy, as mentioned above, was used to generate false clicks aimed at generating revenue from advertisements.
In addition, researchers also uncovered some other apps, which were published by other developers in the Google Play Store, and inexplicably contain the malware itself.
The link between the two campaigns remains unclear, though the researchers believe it is possible that one programmer borrowed the code from the other, "knowingly or unknowingly".
“It is very unusual to find an organization behind a malware campaign, as most of them are developed by pure (standalone) malicious users,” CheckPoint researchers report.
Apps available on the Play Store do not contain malicious code to bypass Google Bouncer protection.
Once the download and installation are done, the application silently logs the user on a remote control server and in response receives the real Malware malware (Judy Android Malware) that contains a JavaScript that starts the actual malicious process.
Malicious apps appear to be genuinely legitimate games, but in the background they act as a bridge to connect the victim's device to the adware server.
Once the connection is established, malicious applications corrupt the user agents of the browser to "play" the browser to open pages and generate clicks.
The following is a list of malicious applications developed by Kiniwini (click on "Malicious Applications" to open the list). If you have any of these installed on your device, remove it immediately:
Google has already removed the above apps containing Judy Android Malware from the Play Store, but since Google Bouncer did not recognize them as a malicious thing at the outset, it would be to watch what you downloaded.