Android phone users, Judy is a sign of terrible malware to come
After ransomware "WannaCry" compromised thousands of computers overnight causing widespread panic, a new piece of malicious code now threatens to disturb the fragile peace in cyberspace. Called "Judy", the code is "possibly the largest malware attack" to hit Android's GooglePlay – the operating system's app store. As per reports, to date, Judy has managed to make its way into 36.5 million handsets across the globe by infecting them with malicious ad-click software.
Watching Judy?
Judy is an adware — a type of malware — which, after infecting the user's device, innocuously creates fake ad clicks from the phone to make its coders money. After infecting a phone through a downloaded app, it connects to a remote server managed by its creators.
As Checkpoint explains, "To bypass Bouncer, Google Play's protection, the hackers create a seemingly benign bridgehead app, meant to establish a connection to the victim's device, and insert it into the app store. Once a user downloads a malicious app, it silently registers receivers which establish a connection with the C&C server. The server replies with the actual malicious payload..."
As per reports, Judy malware was found embedded in as many as 41 apps on Google Play, and as such represents a serious error on the part of the company's screening process of allowing apps on its platform. The Judy-infected apps were initially found on apps by a Korean publisher known as ENISTUDIO. However, the malware was later also found on some apps from other publishers too.
Judy is not the first slip by Google as it has earlier been guilty of malware-infested apps breaching its stringent screening process.
Luckily for end users, in spite of the magnitude of the attack, Judy has not caused any serious damage.
Google has responded by removing the apps in question. However, the apps finding safe harbour on Android's play store for moret than a year does raise some serious questions about the security of the OS.
There is no evidence of Judy compromising data on infected phones. However, that does not mean users shouldn't be perturbed by this malware finding its way into their smartphones.
Judy, which creates a secret line of communication between the infected phone and an outside server, can do more than creating innocuous fake ad clicks. In an age when users keep most of their important data like photos, card details, and passwords saved on their phones, a code like Judy represents a serious threat for two billion Android devices across the globe.
As the "WannaCry" attack has recently demonstrated, such attacks should not be taken casually, and users of the Android platform as such should be wary of downloading apps from unverified sources.