Fraudulent adware ‘Judy’ infected up to 36 million Android phones

A new malware named Judy which was present in 41 Google Play Store apps may have affected up to 35 million Android phones around the globe.

Check Point researchers have dubbed Judy as possibly the largest malware campaign found on the Google Play Store.

Major video subtitle vulnerability leaves millions of devices unprotected

Latest update: Google has removed all 41 apps from the Play Store following the revelation by Check Point researchers. The same has been confirmed by the research firm in a blog post.

YOU MAY ALSO LIKE:

Back on Thursday, security research firm Check Point revealed a new malware named 'Judy' which they said was present in as many as 41 Google Play Store apps and possibly infected between 8.5 and 36.5 million users. These apps were downloaded between 4 and 18 million times and were thriving in the Google Play Store 'for several years.'

Masquerading mobile malware FalseGuide infects 2 million Android devices

All 41 apps containing Judy adware were developed by a Korean company. Once these apps were downloaded by Android device users, the adware infiltrated such devices to generate large amounts of fraudulent clicks on advertisements which in turn boosted the advertisers' revenues.

Aside from these 41 apps, researchers at Check Point also discovered Judy in apps published by other developers, but they have found no connection between the two campaigns. They said this could have been a result of some developers borrowing certain codes from others without knowing the true implications of such codes. Nevertheless, apps developed by both sets of developers continued to thrive on the Google Play Store undetected until the researchers intimated the technology giant last week.

Major Google Play Store security flaw won’t get fixed until Android O arrives

Check Point researchers have also drawn parallels between Judy and another malware named FalseGuide which affected over two million Android devices earlier this year. Also unearthed by Check Point, FalseGuide was present in as many as six gaming guide apps that were developed by Russian hackers. These apps were made available on the Google Play Store in November last year and enjoyed over two million downloads before being discovered.

Following the FalseGuide revelation, Check Point researchers had advised Android phone users not to rely on the Google Play Store for security from malicious apps. Instead, they said that users must implement additional security measures like using mobile antivirus apps. This is because mobile botnets have been growing 'in both sophistication and reach' and hide behind seemingly harmless guide apps which are very popular and require little development.