Android Malware Judy Hits 36.5 million Android users, infected smart phones to generate fraudulent link clicks on advertisements. Biggest malware campaign on Google Play
The new age Android malware “Judy” has been found in 41 apps on the Google Play Store. The malware infected Android Smartphones to generate fraudulent clicks on advertisements.
Researchers observed new age malware campaign “Judy” on Google Play Store. “Judy” is an auto clicking malware which was found on 40+ Android applications developed by Korean company called ENISTUDIO corp. The malware automatically simulates large number of fradulent advertisement clicks on victim’s android phone which helps in generating revenues for hacker group who placed these apps into Google Play Store, The Google’s Official App Store. The malicious apps contains series of cooking and fashion games under "Judy" Series.
Judy uses its Command and Control server for various operations. Google Bouncer Service, the Official Google Play Service which identifies malicious apps, was failed to detect these adware/malware. The major reason behind the Google Bouncer Failure was its Command & Control communication mechanism which recieves attacker's command dynamically at run time. According to Researchers, Judy is an auto clicking malware/adware, which simulates false clicks on advertisements and generates revenue for attackers behind this. After Google Team being informed by Researchers, they removed these apps from Google Play
Forenzy's Android Incident Response Team has done detailed analysis on "Judy" Android Malware. The facts and analysis are as per following:
1. Analysis of package "air.com.eni.ChefJudy030" (One of the App with "Judy" Adware)
Permissions required by Malicious App "air.com.eni.ChefJudy030"
2. "Judy" Adware App Checks for "root" privilege on Android Phone
Following codes shows function "checkRootingFiles" which looks for "su" binaries which gives root privilege to "Judy" on Android Device
3. "Judy" uses su binaries to get high system privilege
Following code shows use of "su" binaries if its available on Android Phone
4. Judy Loads Ads from Command & Control Server
Judy uses functions such as "pauseAd", "startAd" etc. to pause and load Advertisements Dynamically from C&C Server
Google has removed all malicious apps which were owned by “Judy” adware. In order to be safe against these attacks, be careful while downloading apps. Don’t install apps from third-party websites except Play Store, The Official Google’s App Store . Run malware scans regularly on your android phones. For any further query, feel free to reach us via our contact-us page.