Check Point claims Judy is 'largest malware campaign' on Google Play

Check Point researchers have discovered yet another widespread malware campaign in 41 apps on Google Play. They claim that it is possibly the largest malware campaign found yet on Google Play.

Check Point has dubbed the malware “Judy” as most of the apps are about a fictitious character named Judy. It is auto-clicking adware that was found in 41 apps developed by a South Korean company.

The malware uses infected devices to generate large amounts of fraudulent clicks on advertisements, generating revenues for the perpetrators behind it. The malicious apps reached between 4.5 million and 18.5 million downloads – an estimated 36 million users.

The researchers said some of the apps they discovered had resided on Google Play for several years, but all were recently updated. It is unclear how long the malicious code existed inside the apps, so the actual spread of the malware remains unknown.

Google quickly removed the 41 apps and pointed out that the malware was not discovered by its Play Store testing, which it calls “Bouncer”.

Check Point said that, to bypass Bouncer, Google Play’s protection, the hackers create a seemingly benign bridgehead app, meant to establish a connection to the victim’s device, and insert it into the app store.

Once a user downloads a malicious app, it silently registers receivers which establish a connection with the C&C server. The server replies with the actual malicious payload, which includes JavaScript code, a user-agent string, and URLs controlled by the malware author.

The malware opens the URLs in a hidden web page, using the user agent that imitates a PC browser, and receives a redirection to another website. Once the targeted website is launched, the malware uses the JavaScript code to locate and click on banners from the Google ads infrastructure.
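As an added example (not from Check Point or the original article), the behaviour described above leaves a network-side trace: a device that identifies as Android begins sending PC-browser user agents to ad-click hosts. The Python below flags that pattern in a constructed proxy log; the host names, log layout, thresholds and the use of client IP as a per-device key are all assumptions.

```python
from collections import defaultdict

DESKTOP_MARKERS = ("Windows NT", "Macintosh", "X11")
AD_CLICK_HOSTS = {"ads.example"}  # assumption: placeholder for real ad-click hosts

# Constructed proxy log: (epoch seconds, client IP, user agent, host, path)
DESKTOP_UA = "Mozilla/5.0 (Windows NT 10.0; Win64; x64) Chrome/58.0"
SAMPLE_LOG = [
    (1000, "10.0.0.5", "Dalvik/2.1.0 (Linux; U; Android 6.0)", "cnc.example", "/config"),
    (1004, "10.0.0.5", DESKTOP_UA, "landing.example", "/p?id=1"),
    (1006, "10.0.0.5", DESKTOP_UA, "ads.example", "/click?ad=77"),
    (1010, "10.0.0.5", DESKTOP_UA, "ads.example", "/click?ad=78"),
    # Ordinary mobile browser clicking an ad: Android UA throughout, not flagged
    (1000, "10.0.0.9", "Mozilla/5.0 (Linux; Android 6.0) Chrome/58.0 Mobile",
     "ads.example", "/click?ad=12"),
    # Real desktop: never identifies as Android, not flagged
    (2000, "10.0.0.7", DESKTOP_UA, "ads.example", "/click?ad=5"),
]

def is_android(ua):
    return "Android" in ua

def is_desktop(ua):
    return not is_android(ua) and any(m in ua for m in DESKTOP_MARKERS)

def find_suspects(log, window=60, min_clicks=2):
    """Return {client: [ad-click entries]} for clients that identify as Android
    and, within `window` seconds afterwards, send at least `min_clicks`
    ad-click requests carrying a desktop user agent."""
    by_client = defaultdict(list)
    for entry in sorted(log):
        by_client[entry[1]].append(entry)
    suspects = {}
    for client, entries in by_client.items():
        android_times = [t for t, _, ua, _, _ in entries if is_android(ua)]
        clicks = [e for e in entries
                  if is_desktop(e[2]) and e[3] in AD_CLICK_HOSTS
                  and any(0 <= e[0] - t <= window for t in android_times)]
        if len(clicks) >= min_clicks:
            suspects[client] = clicks
    return suspects

if __name__ == "__main__":
    for client, clicks in find_suspects(SAMPLE_LOG).items():
        print(client, [f"{host}{path}" for _, _, _, host, path in clicks])
```

Behind NAT or a shared proxy, one client IP can cover several devices, so a hit is a lead for device-level inspection and not a verdict.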

Check Point says the malicious apps were all developed by a South Korean company named Kiniwini, registered on Google Play as ENISTUDIO corp.

The company develops mobile apps for both Android and iOS platforms. 

Ray Shaw

Ray Shaw (ray@im.com.au) has had a passion for IT ever since building his first computer in 1980. He is a qualified journalist, hosted a consumer IT based radio program on ABC radio for 10 years, has developed world leading software for the events industry and is smart enough to no longer own a retail computer store!

 
