Judy Malware Infects Over 30 Million Android Users Worldwide

Adware masquerading as ordinary applications infected over thirty million Android devices.


More than thirty million Android users might be infected with adware that has been on Google’s Play Store for many years.

Security experts at Check Point discovered the malware and named it Judy. It was found in more than forty applications, all linked to a single Korean company named ENISTUDIO.

Image Source: Check Point – A malicious Judy app on Google Play.

Even though Google has removed the infected applications from its store, the damage already done leaves no doubt about the efficacy of the adware, which spread through the applications by bypassing Google Play’s security screening system, Bouncer.

According to the report published by Check Point, an infected application bypasses Bouncer by creating a bridge between a server and the device it is installed on, as many applications out there do, which is why it remained undetected for so many years.

Image Source: Check Point – Searching for iframes containing Google ads.

Once the application is downloaded from the Google Play Store, it pings the server and registers the target. The command and control server then replies to the application with the malicious code, which is made up of JavaScript along with different variables, strings and URLs that are all controlled by the server.

The malicious code then fills the device with advertisements. Many of them are click-adverts, meaning users have to interact with the spam advertisements to get back to their home screen, and these click-advertisements then make the hackers their money.
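A defender can look for this two-step pattern in network telemetry. The following is an added example, not code from Check Point's report or from this article: it scans proxy-style records for an app that receives JavaScript from a non-advertising host and then produces a burst of ad clicks. The record format, host names, package names and thresholds are all constructed assumptions.

```python
from collections import defaultdict

# Assumption: hosts your environment classifies as ad networks.
AD_HOSTS = {"ads.example.com"}
SCRIPT_TYPES = {"application/javascript", "text/javascript"}

# Constructed records, not real traffic:
# (seconds since app launch, app package, host, response content type, path)
SAMPLE_LOG = [
    (0,  "com.example.chef",  "c2.example.net",  "application/json",       "/register"),
    (2,  "com.example.chef",  "c2.example.net",  "application/javascript", "/payload"),
    (5,  "com.example.chef",  "ads.example.com", "text/html",              "/click?id=1"),
    (9,  "com.example.chef",  "ads.example.com", "text/html",              "/click?id=2"),
    (14, "com.example.chef",  "ads.example.com", "text/html",              "/click?id=3"),
    (20, "com.example.chef",  "ads.example.com", "text/html",              "/click?id=4"),
    # Ad SDK script served by the ad network itself, one click: ordinary behaviour.
    (1,  "com.example.notes", "ads.example.com", "application/javascript", "/sdk.js"),
    (30, "com.example.notes", "ads.example.com", "text/html",              "/click?id=9"),
    # Script from a non-ad host, but only a single click afterwards.
    (3,  "com.example.game",  "cdn.example.org", "text/javascript",        "/ui.js"),
    (40, "com.example.game",  "ads.example.com", "text/html",              "/click?id=7"),
]


def find_remote_js_clickers(log, ad_hosts=AD_HOSTS, min_clicks=3, window=60):
    """Return {app: (payload_host, clicks)} for apps that fetched a script from a
    non-ad host and then made >= min_clicks ad clicks within `window` seconds."""
    payload = {}                 # app -> (time, host) of first script from a non-ad host
    clicks = defaultdict(int)    # app -> ad clicks seen inside the window
    for ts, app, host, ctype, path in sorted(log):
        if ctype in SCRIPT_TYPES and host not in ad_hosts:
            payload.setdefault(app, (ts, host))
        elif host in ad_hosts and path.startswith("/click") and app in payload:
            if ts - payload[app][0] <= window:
                clicks[app] += 1
    return {app: (payload[app][1], n) for app, n in clicks.items() if n >= min_clicks}


if __name__ == "__main__":
    for app, (host, n) in find_remote_js_clickers(SAMPLE_LOG).items():
        print(f"{app}: script from {host}, then {n} ad clicks")
```

The thresholds are a starting point for triage rather than a verdict; a flagged app still needs its downloaded script reviewed.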

Image Source: Check Point – Comments made by suspicious users.

Be aware that it is not only the Korean company that is making these applications. Reports from a more recent discovery show that other developers are following the same trend; more than forty-five applications were discovered on the Play Store using the same two-step tactic. Users are fooled into downloading the applications, and once they have done so, the server sends the payload of malicious code to the user’s phone.

It is applications like Judy that highlight a very important message for users: always check the information on applications before downloading them. Good ratings do help to know if the application is safe. There were others saying that these applications had a tremendous number of advertisements, which Judy was generating.

This is just one example discovered. In time, security researchers will develop different tricks to see how hackers fool us. We recommend using a paid anti-virus service for your smart device and keeping it up to date with all the latest security updates.
