A new malware now auto clicks on ads to generate revenue for hackers

Another week. Another malware attack. This time, it’s Google Play Store at fault, with over 41 apps found to be infected with a new malware named “Judy”, which is thought to have infected around 8.5 to 36.5 million users worldwide, security research firm Check Point reported. The firm stumbled upon the malware and notified Google. Google has announced it has started to remove the infected apps from the Play Store. The Judy malware is an auto-clicking adware which uses the infected devices to generate false clicks on ads, producing revenue for the people behind the malware.

The apps infected with the Judy malware have already reached 4.5 million to 18.5 million downloads. Check Point, the security firm, discovered that the company which developed the apps is based out of South Korea. The name of the company is Kiniwini, and it uses the alias ENISTUDIO corp. on the Play Store. The company makes apps for both iOS and Android.

“The malicious apps reached an astonishing spread between 4.5 million and 18.5 million downloads. Some of the apps we discovered resided on Google Play for several years, but all were recently updated,” Check Point said in a statement.

The firm noted that the malware code has been present in the apps since April 2016, which means that they managed to evade Google’s scrutiny for more than a year. The malware was able to bypass the Play Store’s inherent protection against such malicious code, as the hackers were able to create a “seemingly benign bridgehead app, meant to establish connection to the victim’s device, and insert it into the app store.”

The Judy malware creates false clicks on ads to boost revenue for the companies behind it. Once the infected app is downloaded by the user, the app sets up a connection with the command-and-control server, which delivers the malicious payload: “JavaScript codes, a user-agent string and URLs controlled by the malware author.”

The URLs redirect to a targeted website, where the code automatically clicks on banners served through the Google Ads platform. Each click rakes in revenue for the ones who created the malware. The ads are identified by spotting iframes, which underpin Google’s ad infrastructure.

The Judy malware incident shows that even the Google Play Store is not fully protected against malicious code. Google has stated that its Play Store works over time to automatically identify malware-infected apps that can put users at risk. But, as has been seen in this case, even the Play Store is not foolproof.

