'Judy' malware may have infected 36.5m Android devices

'Judy' malware may have infected 36.5m Android devices
All 41 apps were from Korea-based developer Kiniwini and were on Google Play under the name ENISTUDIO Corp, and have since been removed from the Play Store.
PHOTO: The Jakarta Post/Asia News Network

Thanks to the "largest malware campaign found on Google Play," according to security firm Check Point, up to 36.5 million Android devices have been infected by malware found in 41 different apps.

All 41 apps were from Korea-based developer Kiniwini and were on Google Play under the name ENISTUDIO Corp, and have since been removed from the Play Store. But according to Check Point, the games still "reached an astonishing spread between 4.5 million and 18.5 million downloads."

Dubbed "Judy" by Check Point, based on the titular character of Kiniwini's games, the malware produced fake advertising clicks that then resulted in revenue for its developers.

"It is unclear how long the malicious code existed inside the apps, hence the actual spread of the malware remains unknown," said Check Point, but that still means that "the total spread of the malware may have reached between 8.5 and 36.5 million users."

The post on Check Point's blog continued, "Once a user downloads a malicious app, it silently registers receivers which establish a connection with the [Command and Control] server. The server replies with the actual malicious payload, which includes JavaScript code, a user-agent string and URLs controlled by the malware author. The malware opens the URLs using the user agent that imitates a PC browser in a hidden webpage and receives a redirection to another website. Once the targeted website is launched, the malware uses the JavaScript code to locate and click on banners from the Google ads infrastructure."

More about

smartphones malware
Purchase this article for republication.

BRANDINSIDER

SPONSORED

Most Read

Your daily good stuff - AsiaOne stories delivered straight to your inbox
By signing up, you agree to our Privacy policy and Terms and Conditions.