Here we go, yet another threat in the cyber world. Judy malware is the latest malware apparently affecting millions of Android devices. Scary it is, as so far it has infected approximately 36.5 million smartphones. Reportedly, this malware has been found in 41 apps on the Google Play Store, which uses infected devices to generate fraudulent clicks on advertisements.
Google has been alerted and a malware campaign is on Google Play Store as well. Google, right now, is working to remove these infected apps from Play Store. The malicious apps have spread between 4.5 million and 18.5 million downloads. The infected apps include cooking and fashion games under the ‘Judy’ brand.
Judy is what? And how does it infect?
Judy is an auto-clicking adware, which creates false clicks on advertisements, and generates substantial revenue for the attackers. The malware attacks in a unique way. The seemingly harmless apps bypass the security, with a Control and Command server. Once the malicious apps are downloaded, the malware connects to the server that delivers the payload.
With every click, the hackers get payment from the website developer, which pays for illegitimate clicks and traffic.
Who is behind this attack?
Reportedly, a South Korean based group called Kiniwini is behind this malware attack. This group is registered on Google Play as ENISTUDIO corp.
How to keep yourself safe online from the malware?
- Check reviews: Always check user reviews for potential red flags, even if the app is downloaded from a legitimate store. Most likely, other users have already spotted it if there are any.
- Keep your system updated: Update your Android device with the most recent operating system and security patch.
- Use a VPN: When connected to a public network, make sure to use a VPN, just in case any malicious perpetrator tries to infect your device via the unsecured network.
- Use an antivirus program: A good antivirus app is a must-have.
Choose a strong password: Include as many vague symbols and characters for optimum safety. Just be sure to actually remember it, of course.