A new malware called “Judy” has made its way to the Google Play Store and has infected between 8.5-36.5 million users, says research firm Checkpoint.
Checkpoint upon discovery alerted Google, which has started to remove the apps that have been infected.
According to reports, these infected apps were present in the Google Play Store for more than a year.
Checkpoint in its blog said, “It is an auto-clicking adware which was found on 41 apps developed by a Korean company. The malware uses infected devices to generate large amounts of fraudulent clicks on advertisements, generating revenues for the perpetrators behind it.”
The firm is not certain on how long the malicious code was present inside the apps; therefore exact extent can’t be determined.
How did “Judy” work?
The infected apps were present in the Play Store under the garb of casual cooking and fashion games under the “Judy” brand and its malicious activities didn’t come under the radar as the malicious code was downloaded from a non-Google server after the games were installed in the phone.
The infected phone would incessantly click on Google Ads, generating revenue for its attacker.
The fact that a malware like “Judy” went undetected of the Google Play raises serious questions on the security measures taken by the Internet giant to safeguard its Android Operating System.
With no intention to fuel the age-old Android vs. iOS debate, the fact that Android allows more freedom to its developers, sometimes becomes a crutch rather than a helping hand.
How it became so widespread
Checkpoint discovered that other developers who borrowed code from this “Judy” line of games, knowingly or unknowingly also ended up with the malware.
Checkpoint notes, “The oldest app of the second campaign was last updated in April 2016, meaning that the malicious code hid for a long time. These apps also had a large amount of downloads between 4 and 18 million.”