Fortune does not seem to be in favour of cyber security in 2017. After the devastating effect of WannaCry on more than 1 million computers, a new malware has breached millions of Android phones worldwide. According to a report from a US-based security firm, more than 40 million Android phones have fallen victim to this malware. The attack has made history as one of the most fiercely spread malware attacks on the Google Play Store.

The primary source of the infection is claimed to be the Korea-based company Kiniwini, launched under the name ENISTUDIO Corp. Unethical and fraudulent activities were observed on the devices that downloaded these apps. Following investigation and research by Check Point security, the malware has been named ‘Judy’. Here we go through the details and activities of this newly revealed malicious software.

Defining Judy
Judy is malicious software that initiates multiple random fraudulent clicks to generate revenue. It falls under the category of adware, creating fake clicks on infected devices. Around 50+ apps have been found to be the primary culprits behind this malicious effect, with ‘Judy the chef’ the common term among them; hence the name Judy. Judy does not steal any information from user devices but instead generates multiple fake clicks on ads, which provide monetary benefits to its creators. In order to gain access to confidential data, hackers need to bypass Bouncer, Google Play's protection shield, to establish the connection between the user's device and the malware server.

The extension of infection

ENISTUDIO, a Korea-based development company, created around 41 apps that are spreading the Judy malware globally. It is believed that many other developers are also involved. This malware has disrupted the functioning of more than 40 million Android devices, and the figure is still rising. Some of these apps have been present on the Google Play Store for a long time. In a recent news event, Google claimed to have fixed the issue with the launch of its latest version of Android (7.1.2). According to researchers, however, the issue is not completely eradicated and there is still a chance of it resurfacing. Many developers claim these bugs are design-related issues, which are time-consuming to resolve, while Google presents it as a feature.

  • Rogue code is added into the apps
  • Privately opens web pages in the background
  • Loads JavaScript code once the targeted website is loaded
  • Initiates multiple clicks on ads from the Google banner
  • The Korean company generates revenue from the ad clicks

How to detect the Judy infection?

The most fundamental way to detect the infection is to determine whether these apps are installed on your device. Another way is to find out which apps have been assigned the “draw on top” and a11y permissions. There are different sets of steps for different versions of Android, which are listed down here.
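The permission audit described above, as an added example that is not from the original article: it reads decoded AndroidManifest.xml text and reports which apps request “draw on top” and which declare an accessibility (a11y) service. It assumes the manifests have already been decoded to plain XML (for example with apktool), that “draw on top” means android.permission.SYSTEM_ALERT_WINDOW and that an a11y service is one guarded by android.permission.BIND_ACCESSIBILITY_SERVICE; the package names are constructed samples.

```python
import xml.etree.ElementTree as ET

NS = "{http://schemas.android.com/apk/res/android}"
OVERLAY = "android.permission.SYSTEM_ALERT_WINDOW"           # "draw on top"
A11Y_BIND = "android.permission.BIND_ACCESSIBILITY_SERVICE"  # guards a11y services

def audit_manifest(xml_text):
    """Return (package, requests_overlay, [accessibility service names])."""
    root = ET.fromstring(xml_text)
    requested = {
        e.get(NS + "name")
        for tag in ("uses-permission", "uses-permission-sdk-23")
        for e in root.iter(tag)
    }
    # An accessibility service must be protected by BIND_ACCESSIBILITY_SERVICE.
    services = [s.get(NS + "name") for s in root.iter("service")
                if s.get(NS + "permission") == A11Y_BIND]
    return root.get("package"), OVERLAY in requested, services

def flag_apps(manifests):
    """Map package -> capabilities, for apps that hold at least one of the two."""
    findings = {}
    for xml_text in manifests:
        pkg, overlay, services = audit_manifest(xml_text)
        if overlay or services:
            findings[pkg] = {"overlay": overlay, "a11y": services,
                             "both": overlay and bool(services)}
    return findings

def _manifest(pkg, body):
    return ('<manifest xmlns:android="http://schemas.android.com/apk/res/android" '
            f'package="{pkg}">{body}</manifest>')

# Constructed sample manifests (hypothetical packages, not real apps).
_OVERLAY_XML = f'<uses-permission android:name="{OVERLAY}"/>'
_A11Y_XML = ('<application><service android:name=".HelperService" '
             f'android:permission="{A11Y_BIND}"/></application>')
SAMPLES = [
    _manifest("com.example.flashlight", _OVERLAY_XML + _A11Y_XML),
    _manifest("com.example.chathead", _OVERLAY_XML),
    _manifest("com.example.notes", "<application/>"),
]

if __name__ == "__main__":
    for pkg, f in flag_apps(SAMPLES).items():
        level = "REVIEW FIRST" if f["both"] else "review"
        print(f"{level:12} {pkg} overlay={f['overlay']} a11y={f['a11y']}")
```

The result shows what each app declares in its manifest, not what the user has actually granted, so a flagged app still needs to be checked in the device settings.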

Google’s action on this attack

Google immediately removed the apps from the Play Store once Check Point brought them to its notice. It is unclear how long the malicious code existed in the apps, and hence the extent of the infection cannot be determined. Google has created a full-fledged list of malicious apps that users should avoid downloading on their devices. Prior to this attack, “falseware” and “Skinner” were the two apps that had breached the Google Play Store security system.

A comprehensive list of the malicious apps infected by the Judy malware and developed by Kiniwini is given below:

Fashion Judy: Snow Queen style

Fashion Judy: Vampire style

Judy’s Hospital: Pediatrics

Animal Judy: Persian cat care

Animal Judy: Nine-Tailed Fox

Fashion Judy: Country style

Fashion Judy: Pretty rapper

Chef Judy: Jelly Maker – Cook

Animal Judy: Feral Cat care

Fashion Judy: Teacher style

Chef Judy: Chicken Maker

Fashion Judy: Twice Style

Animal Judy: Dragon care

Animal Judy: Sea otter care

Fashion Judy: Myth Style

Chef Judy: Halloween Cookies

Animal Judy: Elephant care

Animal Judy: Fennec Fox care

Fashion Judy: Wedding Party

Judy’s Happy House

Animal Judy: Dog care

Animal Judy: Teddy Bear Care

Chef Judy: Hotdog Maker – Cook

Fashion Judy: Couple Style

Fashion Judy: Bunny Girl Style

Chef Judy: Birthday Food Maker

Animal Judy: Cat care

Fashion Judy: Frozen Princess

Fashion Judy: Wedding day

Fashion Judy: Halloween style

Chef Judy: Triangular Kimbap

Fashion Judy: Waitress style

Fashion Judy: EXO Style

Chef Judy: Udong Maker – Cook

Chef Judy: Character Lunch

Chef Judy: Dalgona Maker

Fashion Judy: Uniform style

Chef Judy: Picnic Lunch Maker

Chef Judy: ServiceStation Food

Animal Judy: Rabbit care

Animal Judy: Rudolph care

Judy’s Spa Salon

Users should avoid clicking on suspicious and unknown links. Install anti-malware software on your device and periodically scan your phone for any threats. Enable and configure the private settings option in your web browser.

Author Bio

Rahim Makhani is the award-winning CEO and founder of Auxano Global Services – a web and mobile application development company. He is keenly interested in writing technical blogs pertaining to Android and iPhone application development. In his spare time, he loves to dive in the pool and enjoys playing golf with his friends.
