More than thirty million Android users might be infected with adware that has been on Google’s Play Store for many years.
Security experts at Check Point discovered the malware and named it Judy. It was found in more than forty applications that were all linked to a single Korean company named ENISTUDIO.
Even though Google has removed the infected applications from its store, the damage already done leaves no doubt about the efficacy of the adware, which spread through the applications by bypassing Google Play’s security screening system, Bouncer.
According to the report published by Check Point, to bypass Bouncer an infected application creates a bridge between a server and the device it is installed on, as many applications out there do, which is why it remained undetected for so many years.
The malicious code then fills the device with advertisements. Many of them are click-adverts, meaning users have to interact with the spam advertisements to get back to their home screen, and these click-advertisements then make the hackers their money.
Be aware that it is not only the Korean company that is making these applications. Reports of a more recent discovery show that other developers are following the same trend: more than forty-five applications were discovered on the Play Store using the same two-step tactic. Users are fooled into downloading the applications, and once that is done, the server sends the payload of malicious code to the user’s phone.
Applications like Judy highlight a very important message for users: always check the information on applications before downloading them. Good ratings do help to know if the application is safe. Others reported that these applications displayed a tremendous number of advertisements, which Judy was generating.
This is just one example that has been discovered. In time, security researchers will develop different tricks to see how hackers fool us. We recommend using a paid anti-virus service for your smart device and keeping it up to date with all the latest security updates.