Monday 29 May 2017

“Judy” Android Malware Potentially Hits 36.5 Million Android Devices


It has been reported that up to 36.5 million Android devices have been affected by this malware, which has generated huge revenue for its developers through fraudulent clicks on their ad campaigns.

As reported by the security firm Check Point, Kiniwini, a Korea-based company, developed over 41 apps and published them on the Google Play Store under the name ENISTUDIO Corp. These apps have infected millions of Android devices to generate fraudulent clicks on the company's ad campaigns.

According to Check Point, it might be the largest malware campaign found on the Google Play Store.

Fig: Malicious App Chef Judy

After learning of these fraudulent apps, Google swiftly removed all the apps published by ENISTUDIO Corp. from the Google Play Store, but they had already spread to over 5 million users. Worse, almost all of the apps had been on the store for several years, though a few had been updated recently.

In fact, it is unknown how long the malicious code has been present in these apps, but the download numbers say everything. Check Point says, “The total spread of the malware may have reached between 8.5 and 36.5 million android users.”

How does the Judy malware affect users?

Fig: Searching for iframes containing Google ads
Once a user downloads any of these apps, the device is automatically registered with a remotely hosted command-and-control server, and the server then executes the payload on the user’s device. The payload includes JavaScript code containing all the URLs required to redirect to an ad. The malware opens the URL in a hidden web page on the user’s device and is redirected to an ad website, where it then starts clicking on the banners and other advertisements provided by the Google Ads infrastructure.
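
A static triage heuristic for the behaviour described above, as an added example that is not from the original post or from Check Point: it flags decompiled source files in which a WebView is hidden, has JavaScript enabled and receives injected script. The indicator set, the `triage` function and the sample Java snippets are constructed assumptions for illustration.

```python
import re

# Heuristic indicators (assumed for this example, not Check Point's signatures).
INDICATORS = {
    "webview": re.compile(r"\bWebView\b"),
    "js_enabled": re.compile(r"setJavaScriptEnabled\(\s*true\s*\)"),
    "hidden_view": re.compile(
        r"setVisibility\(\s*(?:View\.)?(?:GONE|INVISIBLE)\s*\)"),
    "script_injection": re.compile(
        r"loadUrl\(\s*\"javascript:|evaluateJavascript\("),
    "iframe_lookup": re.compile(
        r"getElementsByTagName\(\s*\\?['\"]iframe", re.I),
}
# All of these must co-occur in one file: a page the user cannot see,
# with script execution on, driven by script injected from the app.
REQUIRED = {"webview", "js_enabled", "hidden_view", "script_injection"}


def triage(sources):
    """Map file name -> sorted indicator names for files matching REQUIRED."""
    flagged = {}
    for name, text in sources.items():
        hits = {key for key, rx in INDICATORS.items() if rx.search(text)}
        if REQUIRED <= hits:
            flagged[name] = sorted(hits)
    return flagged


# Constructed decompiled-source samples (not taken from any real app).
SAMPLES = {
    "AdHelper.java": r'''
        WebView w = new WebView(ctx);
        w.getSettings().setJavaScriptEnabled(true);
        w.setVisibility(View.GONE);
        w.loadUrl("javascript:var f=document.getElementsByTagName('iframe');");
    ''',
    "HelpActivity.java": r'''
        WebView help = (WebView) findViewById(R.id.help);
        help.getSettings().setJavaScriptEnabled(true);
        help.loadUrl("https://example.com/help");
    ''',
}

if __name__ == "__main__":
    for name, hits in triage(SAMPLES).items():
        print(f"{name}: review hidden-WebView usage ({', '.join(hits)})")
```

A match is a prompt for manual review, not a verdict: legitimate apps also use off-screen WebViews, and obfuscated code can evade string patterns.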

