Auto-clicking 'Judy' adware was distributed by over 40 apps in Google's official Android market.
Security researchers have discovered a large malware campaign in the Google Play store.
Dubbed Judy -- because many of the malicious apps are games featuring a cutesy character of that name -- the autoclicking adware was found in 41 different apps created by a Korean mobile app developer, whose products have been downloaded by up to 18 million Android users. Some of the apps having been available for many years and are regularly updated.
Uncovered by cybersecurity researchers at Check Point Software, the malware uses devices to generate fraudulent clicks on adverts, generating income for those behind the scheme.
The malware was also discovered in several apps created by other developers on Google Play, some of which haven't been updated since April 2016. This suggests the malicious code was able to hide in the store undetected for over a year. The connection between the two campaigns is unknown, but it's possible one developer borrowed code from the other.
It's unclear how long the malicious code has existed within this second group of apps, but they have been downloaded by up to 18 million users.
This represents the latest instance of malicious codes sneaking malicious apps into the Play store, as part of Google's ongoing battle with Android malware.
The Judy apps are able to bypass Google Play's Bouncer protection system by using similar techniques to other forms of malware which have successfully infiltrated the Android store -- such as FalseGuide and Skinner -- because the malicious code is hidden from view.
There are more cryptor attacks than ever before. Could your business survive a cryptor? Despite criminals often demanding bigger payments from business victims, the ransom may only represent a small portion of the overall costs to the business. Download this ebook to learn how to guard against crypto-ransomware.
Many of the malicious apps are developed by a Korean firm named Kiniwini, whose products in the Play Store are registered under the name ENISTUDIO corp. They develop products for both Android and iOS and their games focus on a character called Judy doing various jobs ranging from cooking to pet care.
The researchers note that it's unusual to unearth the actors behind malicious apps, which in this case are hijacking users' devices to generate fraudulent clicks.
In addition to the fraudulent activity, the apps display a number of adverts which often leave users with no option but to click on them. Some users have commented on this as suspicious in negative reviews. However, the apps still enjoyed high user ratings -- a reminder that review scores can't always be trusted as apps can trick users into giving high scores.
Negative reviews noting suspicion of Judy apps in the Play Store.
Image: Check PointCheck Point has informed Google about the adware and the apps have now been removed from the store, although the millions who've already downloaded them are likely to remain unaware they're affected, due to the lack of any sort of recall facility for apps.
While Google keeps the vast majority of its 1.4 billion Android users safe from malware, malicious apps still get through.
Kiniwini has posted a statement on its website, which seems to refer to the games being removed from Google Play.
"Recently, our game apps have been blocked on Google Play and the service has been stopped," the company said.
Google had not responded to a request for comment at the time of publication.
Thecomputerheale.com makes no claims about the efficacy of the information contained in the documents and related graphics published on this website for any purpose. All information, documents and graphics are provided "as is" without any kind of guarantee of effectiveness. Thecomputerhealer.com hereby disclaims all responsibility for the manner in which the information offered on this website is used by you.
In no event shall Thecomputerhealeronline.com be liable for any special, indirect or consequential damages or any damages whatsoever resulting from the loss of use, data or profits arising out of or in connection with the use or performance of information available from this website.
The documents and related graphics published on this website may include technical inaccuracies or typographical errors. Changes are periodically added to the information on this website. Thecomputerhealer.com reserves the right, at its discretion, to change or modify all or any part of this agreement and the content on website at any time, effective immediately upon publication of this notice.
Your continued use of this website constitutes your binding acceptance of these terms and conditions, including any changes or modifications made by Thecomputerhealer.com as permitted above. If, at any time, the terms and conditions of this agreement are no longer acceptable to you, you should immediately cease using this website.