Tuesday 30 May 2017

Here’s what you should know about new Android-based ‘Judy’ malware

Malware and Android are often mentioned together, for a variety of reasons. Given the versatility and openness of the Android platform, malicious apps can easily make their way into the Play Store. Things are slightly different now with the introduction of Google Bouncer, which screens every app for malware. However, some developers are clever enough to bypass it altogether and still get malicious apps onto the Play Store.

Earlier today, we discovered a new Android-based malware called “Judy”. The name stems from the app, “Chef Judy”. The app comes from Korean developer Kiniwini under ENISTUDIO Corp. The malware was spotted by research and security firm Check Point. The developer apparently has a total of 41 apps on the Play Store that come with this malware. These apps have reportedly spread malware to nearly 36.5 million Android devices.

So what does this malware do?

Check Point claims that Judy basically creates fraudulent ad clicks on its apps to multiply revenues for the developers. The worst part is that the apps have been around for a couple of years now and were updated recently, telling us that the company has been fooling Google’s security system for a couple of years. The fact that it can completely bypass Google’s Bouncer system is worth pointing out as well.

Here’s what Check Point has to say on how Judy works - “Once a user downloads a malicious app, it silently registers receivers which establish a connection with the [Command and Control] server. The server replies with the actual malicious payload, which includes JavaScript code, a user-agent string and URLs controlled by the malware author. The malware opens the URLs using the user agent that imitates a PC browser in a hidden webpage and receives a redirection to another website. Once the targeted website is launched, the malware uses the JavaScript code to locate and click on banners from the Google ads infrastructure.”
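One way to hunt for the traffic pattern Check Point describes (an Android device presenting a PC browser user agent, receiving a redirect, then requesting an ad click URL) in web proxy logs. This is an example added here, not code from Check Point or the original post; the device inventory, the `adclick.example` host, the 30-second window and the log records are constructed assumptions.

```python
from urllib.parse import urlparse

# Assumptions (all constructed for this example): an asset inventory of Android
# handsets, a placeholder ad click host, and the proxy log records below.
ANDROID_DEVICES = {"10.0.0.21", "10.0.0.22"}
AD_CLICK_HOSTS = {"adclick.example"}
DESKTOP_UA_MARKERS = ("Windows NT", "Macintosh", "X11; Linux")
WINDOW_SECONDS = 30

ANDROID_UA = "Mozilla/5.0 (Linux; Android 7.0; Pixel) AppleWebKit/537.36 Chrome/58.0 Mobile Safari/537.36"
DESKTOP_UA = "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 Chrome/58.0 Safari/537.36"

# (epoch seconds, source IP, HTTP status, URL, User-Agent)
SAMPLE_LOG = [
    (100, "10.0.0.22", 302, "http://landing.example/go", DESKTOP_UA),
    (104, "10.0.0.22", 302, "http://adclick.example/click?id=1", DESKTOP_UA),
    (150, "10.0.0.21", 200, "http://news.example/", ANDROID_UA),
    (200, "10.0.0.21", 302, "http://adclick.example/click?id=2", ANDROID_UA),
    (300, "10.0.0.21", 200, "http://video.example/", DESKTOP_UA),
    (400, "10.0.0.50", 302, "http://landing.example/go", DESKTOP_UA),
    (402, "10.0.0.50", 302, "http://adclick.example/click?id=3", DESKTOP_UA),
]

def is_desktop_ua(ua):
    """True when the User-Agent claims a desktop OS and does not mention Android."""
    return "Android" not in ua and any(m in ua for m in DESKTOP_UA_MARKERS)

def find_suspects(log):
    """Return Android devices that, while presenting a desktop UA, received a
    redirect and then requested an ad click host within WINDOW_SECONDS."""
    last_redirect = {}  # source IP -> time of the latest 3xx seen with a desktop UA
    suspects = set()
    for ts, src, status, url, ua in sorted(log):
        if src not in ANDROID_DEVICES or not is_desktop_ua(ua):
            continue
        host = urlparse(url).hostname
        seen = last_redirect.get(src)
        # Compare against an earlier redirect before recording this response,
        # so a 302 returned by the ad host cannot match itself.
        if host in AD_CLICK_HOSTS and seen is not None and ts - seen <= WINDOW_SECONDS:
            suspects.add(src)
        if 300 <= status < 400:
            last_redirect[src] = ts
    return sorted(suspects)

if __name__ == "__main__":
    print(find_suspects(SAMPLE_LOG))
```

A desktop user agent alone is not enough to flag a handset, since mobile browsers can request the desktop version of a site; the redirect-then-ad-click correlation is what narrows the result.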

What now?

Well, Google has now removed the malicious apps from the Play Store, so users no longer have to worry about stumbling across these apps accidentally. It’s important to note that these apps are available on iOS as well, but there have been no known reports of malware outbreaks. There are about 45 apps from ENISTUDIO Corp on the iTunes App Store right now.
