Judy Android Malware

Judy Android Malware

The new age Android malware Judy has been found in 41 apps on the Google Play Store. The malware infected Android Smartphones to generate fraudulent clicks on advertisements.

Things to Know About Judy

Researchers observed new age malware campaign Judy on Google Play Store. Judy is an auto clicking malware which was found on 40+ Android applications developed by Korean company called ENISTUDIO corp.

The malware automatically simulates large number of fradulent advertisement clicks on victim’s android phone which helps in generating revenues for hacker group who placed these apps into Google Play Store, The Google’s Official App Store. The malicious apps contains series of cooking and fashion games under “Judy” Series.

How does Judy works?

Judy uses its Command and Control server for various operations. Google Bouncer Service, the Official Google Play Service which identifies malicious apps, was failed to detect these adware/malware. The major reason behind the Google Bouncer Failure was its Command & Control communication mechanism which recieves attacker’s command dynamically at run time.

According to Researchers, Judy is an auto clicking malware/adware, which simulates false clicks on advertisements and generates revenue for attackers behind this. After Google Team being informed by Researchers, they removed these apps from Google Play.

Forenzy’s Android Incident Response Team has done detailed analysis on “Judy” Android Malware. The facts and analysis are as per following:

1. Analysis of package “air.com.eni.ChefJudy030” (One of the App with “Judy” Adware)

Permissions required by Malicious App “air.com.eni.ChefJudy030”

2. “Judy” Adware App Checks for “root” privilege on Android Phone

Following codes shows function “checkRootingFiles” which looks for “su” binaries which gives root privilege to “Judy” on Android Device

3. “Judy” uses su binaries to get high system privilege

Following code shows use of “su” binaries if its available on Android Phone

4. Judy Loads Ads from Command & Control Server

Judy uses functions such as “pauseAd”, “startAd” etc. to pause and load Advertisements Dynamically from C&C Server

How to protect against Judy?

Google has removed all malicious apps which were owned by Judy adware. In order to be safe against these attacks, be careful while downloading apps. Don’t install apps from third-party websites except Play Store, The Official Google’s App Store . Run malware scans regularly on your android phones. For any further query, feel free to reach us via our contact-us page.