Judy Android Malware
The Android malware Judy has been found in 41 apps on the Google Play Store. The malware infected Android smartphones to generate fraudulent clicks on advertisements.
Things to Know About Judy
Researchers observed the Judy malware campaign on the Google Play Store. Judy is auto-clicking malware that was found in 40+ Android applications developed by a Korean company called ENISTUDIO corp.
The malware automatically simulates a large number of fraudulent advertisement clicks on the victim’s Android phone, which generates revenue for the hacker group that placed these apps in the Google Play Store, Google’s official app store. The malicious apps comprise a series of cooking and fashion games under the “Judy” series.
How does Judy work?
Judy uses its Command and Control server for various operations. Google Bouncer, the official Google Play service that identifies malicious apps, failed to detect this adware/malware. The major reason behind the Google Bouncer failure was Judy’s Command & Control communication mechanism, which receives the attacker’s commands dynamically at run time.
According to researchers, Judy is auto-clicking malware/adware that simulates false clicks on advertisements and generates revenue for the attackers behind it. After researchers informed the Google team, Google removed these apps from Google Play.
Forenzy’s Android Incident Response Team has done a detailed analysis of the “Judy” Android malware. The facts and analysis are as follows:
1. Analysis of package “air.com.eni.ChefJudy030” (one of the apps carrying the “Judy” adware)
Permissions required by the malicious app “air.com.eni.ChefJudy030”
2. The “Judy” adware app checks for “root” privilege on the Android phone
The following code shows the function “checkRootingFiles”, which looks for the “su” binaries that give “Judy” root privilege on the Android device
3. “Judy” uses su binaries to gain high system privilege
The following code shows the use of the “su” binaries if they are available on the Android phone
4. Judy loads ads from the Command & Control server
Judy uses functions such as “pauseAd” and “startAd” to pause and load advertisements dynamically from the C&C server
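The behaviours in findings 2 to 4 can be turned into a static triage pass over decompiled app sources. The Python script below is an added example, not Forenzy's tooling and not code from the app: the function names come from the write-up, while the su path and exec() patterns and the sample Java are constructed assumptions.

```python
import re

# Function names below come from the write-up; the su path and exec() patterns
# are assumed generic indicators, not values taken from the Judy sample.
RULES = {
    "root_check": re.compile(r'\bcheckRootingFiles\b|"/[\w/]*/su"'),
    "su_exec": re.compile(r'\b(?:exec|ProcessBuilder)\s*\(\s*"(?:/[\w/]*/)?su\b'),
    "ad_control": re.compile(r'\b(?:pauseAd|startAd)\s*\('),
}

def scan(sources):
    """Return {behaviour: [(path, line_no, text), ...]} for decompiled sources."""
    hits = {name: [] for name in RULES}
    for path, text in sources.items():
        for line_no, line in enumerate(text.splitlines(), start=1):
            for name, pattern in RULES.items():
                if pattern.search(line):
                    hits[name].append((path, line_no, line.strip()))
    return hits

def assess(hits):
    """Root checks alone are common in legitimate apps; escalate on the combination."""
    present = {name for name, found in hits.items() if found}
    if {"su_exec", "ad_control"} <= present:
        return "escalate"  # su shell use together with switchable ad loading
    return "review" if present else "clean"

# Constructed sample input (hypothetical decompiler output, not the real app's code).
SAMPLE = {
    "RootUtil.java": '''class RootUtil {
    static boolean checkRootingFiles() {
        return new java.io.File("/system/xbin/su").exists();
    }
    static Process shell() throws Exception {
        return Runtime.getRuntime().exec("su");
    }
}''',
    "AdBridge.java": '''class AdBridge {
    void onCommand(String cmd) {
        if (cmd.equals("start")) startAd(); else pauseAd();
    }
}''',
}

if __name__ == "__main__":
    result = scan(SAMPLE)
    for name, found in result.items():
        print(name, [(p, n) for p, n, _ in found])
    print("verdict:", assess(result))
```

Because the ad commands arrive at run time, a static pass like this only flags the code paths that can act on them; it does not show what the server actually sends.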