A malware campaign on Google Play has victimized as many as 36.5 million Android users with adware known as “Judy.”
Researchers at Check Point discovered 41 apps laden with the auto-clicking adware on the Play Store. After receiving word from the researchers, Google removed the programs from its app marketplace, but not before the apps had achieved between 4.5 million and 18.5 million downloads.
In total, the campaign could have affected as many as 36.5 million Android users over a period of at least a year. As with the DressCode campaign, many of the Judy-infected apps didn’t have bad ratings, either, which no doubt contributed to their widespread distribution.
Just check out “Chef Judy: Picnic Lunch Maker”, one of the Android apps that bore the malware scourge.
Check Point’s research team explains how an infection works:
By clicking on the banners, the malware generated revenue for the authors.
Judy is similar to other malicious programs like FalseGuide in that it relies on a C&C server for its nefarious activities. But most of those campaigns are the brainchildren of malicious actors. By comparison, all of Judy’s infected apps trace back to Kiniwini, a Korean company which registered on Google Play as ENISTUDIO corp.
As of this writing, the company still has a profile on Google’s app marketplace.
Android users should steer clear of any future apps developed by ENISTUDIO corp. They should also install a mobile anti-virus solution to help protect against threats like Judy, and read the reviews of an app before they install it.
User reviews don’t always reveal suspicious app activity, but they can and oftentimes do.