judy malware attack

After Wanna Cry Havoc, Judy Malware Infects 36.5 million Android Phones!

judy malware attack

30 May 2017, India:

ANDROID USERS, THIS ONE IS FOR YOU! After the havoc caused by the Wanna Cry ransomware, a new virus called ‘Judy’ has infected around 36.5 million Android users globally!

“Some of the apps (that were infected) we discovered resided on Google Play for several years, but all were recently updated. It is unclear how long the malicious code existed inside the apps, hence the actual spread of the malware remains unknown, security solutions firm Check Point said in a blog post.

Google has removed 41 Android apps which were infected with Judy from the official Play Store. It appears that starting with April 2016, the apps were slowly updated with malicious code. The purpose of this code was to launch a browser app, load an URL, and use JavaScript to locate and click on specific banners that would bring profits to the malware’s creators.

To elaborate, When a user downloads and installs a malicious app, the malware infects the device but stays inactive. After the program itself is accessed, the malware uses the user’s connection to establish a link with the Command and Control server, which is the developer’s own server. This app then redirects and keeps opening external web pages. Once the targeted website is launched, the Judy virus uses the JavaScript code to locate and click on banners from the Google ads infrastructure.

Related read- Top 10 Hacks of 2016: The Largest, The Deadliest And The Craziest!

According to Check Point, almost all malicious apps were made by a South Korean company called Kiniwini, but registered on the Google Play Store as ENISTUDIO corp. It is unclear if the company added the malicious code itself, or its servers were compromised and the code added by a third-party.

The Judy virus has been compared to two other similar exploits, namely FalseGuide and Skinner. The developers of these programs usually find ways of increasing the positive ratings of their apps to lure new users. In some cases, actual users are unknowingly forced to give high ratings to the app as per the report by Blasting News. Check Point advises users against relying only on the Play Store securities. It is instead better to use some form of external protection such as anti-virus and anti-malware software, to protect one’s devices against such malicious apps. (Image- wallpaperup.com)

Also read- ATM Will be Shutdown Due to Ransomware Attack; If You’re Forwarding Such Messages, You Need to Read This!